Export limit exceeded: 16563 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335232 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4765 | 1 Phpgurukul | 1 Zoo Management System | 2025-05-27 | 7.3 High |
| A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been classified as critical. Affected is an unknown function of the file /admin/contactus.php. The manipulation of the argument mobnum leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4766 | 1 Phpgurukul | 1 Zoo Management System | 2025-05-27 | 7.3 High |
| A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php. The manipulation of the argument contactnumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48758 | 2 Dingfanzu, Timgreen | 2 Cms, Dingfanzu Cms | 2025-05-27 | 6.1 Medium |
| dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | ||||
| CVE-2024-48249 | 1 Wavelog | 1 Wavelog | 2025-05-27 | 7.3 High |
| Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, or mode. | ||||
| CVE-2024-46911 | 1 Apache | 1 Roller | 2025-05-27 | 4.7 Medium |
| Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges attack. This issue affects Apache Roller before 6.1.4. Roller users who run multi-blog/user Roller websites are recommended to upgrade to version 6.1.4, which fixes the issue. Roller 6.1.4 release announcement: https://lists.apache.org/thread/3c3f6rwqptyw6wdc95654fq5vlosqdpw | ||||
| CVE-2024-46468 | 1 Jpress | 1 Jpress | 2025-05-27 | 7.5 High |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. | ||||
| CVE-2024-47378 | 1 Wpcom | 1 Wpcom Member | 2025-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4. | ||||
| CVE-2023-26771 | 1 Taskcafe Project | 1 Taskcafe | 2025-05-27 | 6.5 Medium |
| Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file. | ||||
| CVE-2023-26770 | 1 Taskcafe Project | 1 Taskcafe | 2025-05-27 | 9.8 Critical |
| TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | ||||
| CVE-2025-2872 | 2025-05-27 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate of CVE-2025-47577. Notes: All CVE users should reference CVE-2025-47577 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2025-05-27 | 6.5 Medium |
| A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41249 | 1 Jenkins | 1 Scm Httpclient | 2025-05-27 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41248 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | 5.3 Medium |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2022-41247 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | 4.3 Medium |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-41246 | 1 Jenkins | 1 Worksoft Execution Manager | 2025-05-27 | 6.5 Medium |
| A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-40754 | 1 Apache | 1 Airflow | 2025-05-27 | 6.1 Medium |
| In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | ||||
| CVE-2022-40604 | 1 Apache | 1 Airflow | 2025-05-27 | 7.5 High |
| In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | ||||
| CVE-2022-39975 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | 4.3 Medium |
| The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. | ||||
| CVE-2022-38928 | 1 Xpdfreader | 1 Xpdf | 2025-05-27 | 7.8 High |
| XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. | ||||
| CVE-2022-37877 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-05-27 | 7.8 High |
| A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. | ||||