Search Results (334989 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3256 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-05-23 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0530. | ||||
| CVE-2022-3268 | 1 Ikus-soft | 1 Minarca | 2025-05-23 | 9.8 Critical |
| Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | ||||
| CVE-2022-3267 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6. | ||||
| CVE-2025-22149 | | | 2025-05-23 | N/A |
| JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation. The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value). | ||||
| CVE-2021-34661 | 1 Verygoodplugins | 1 Wp Fusion | 2025-05-23 | 6.1 Medium |
| The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attackers to drop all logs for the plugin, in versions up to and including 3.37.18. | ||||
| CVE-2021-34660 | 1 Verygoodplugins | 1 Wp Fusion | 2025-05-23 | 6.1 Medium |
| The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.37.18. | ||||
| CVE-2021-34640 | 1 Securimage-wp-fixed Project | 1 Securimage-wp-fixed | 2025-05-23 | 6.1 Medium |
| The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. | ||||
| CVE-2021-34655 | 1 Wp Songbook Project | 1 Wp Songbook | 2025-05-23 | 6.1 Medium |
| The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11. | ||||
| CVE-2021-34658 | 1 Keszites | 1 Simple Popup Newsletter | 2025-05-23 | 6.1 Medium |
| The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7. | ||||
| CVE-2021-34663 | 1 Arvtard | 1 Jquery Tagline Rotator | 2025-05-23 | 6.1 Medium |
| The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5. | ||||
| CVE-2021-34659 | 1 Sizmic | 1 Plugmatter Pricing Table | 2025-05-23 | 6.1 Medium |
| The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `email` parameter in the ~/license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32. | ||||
| CVE-2021-34664 | 1 Moova | 1 Moova For Woocommerce | 2025-05-23 | 6.1 Medium |
| The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5. | ||||
| CVE-2021-34665 | 1 Wp Seo Tags Project | 1 Wp Seo Tags | 2025-05-23 | 6.1 Medium |
| The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saq_txt_the_filter parameter in the ~/wp-seo-tags.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.7. | ||||
| CVE-2025-44176 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-05-23 | 6.5 Medium |
| Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function. | ||||
| CVE-2025-45858 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-05-23 | 9.8 Critical |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the FUN_00459fdc function. | ||||
| CVE-2025-3757 | 1 Openpubkey | 1 Openpubkey | 2025-05-23 | 9.8 Critical |
| Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. | ||||
| CVE-2025-45863 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-05-23 | 9.8 Critical |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the macstr parameter in the formMapDelDevice interface. | ||||
| CVE-2024-13382 | 1 Codepeople | 1 Calculated Fields Form | 2025-05-23 | 4.8 Medium |
| The Calculated Fields Form WordPress plugin before 5.2.64 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13729 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-05-23 | 4.8 Medium |
| The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13730 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-05-23 | 4.8 Medium |
| The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||