Export limit exceeded: 333690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3506 | 1 Never5 | 1 Related Posts | 2025-05-14 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. | ||||
| CVE-2024-10102 | 1 Robosoft | 1 Robo Gallery | 2025-05-14 | 2.7 Low |
| The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-8855 | 1 Wpmarka | 1 Wordpress Auction | 2025-05-14 | 9.8 Critical |
| The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks | ||||
| CVE-2024-8857 | 1 Wpmarka | 1 Wordpress Auction | 2025-05-14 | 4.8 Medium |
| The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-3819 | 1 Phpgurukul | 1 Men Salon Management System | 2025-05-14 | 7.3 High |
| A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-43958 | 1 Kishan0725 | 1 Hospital Management System | 2025-05-14 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | ||||
| CVE-2025-29568 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-14 | 4.8 Medium |
| A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | ||||
| CVE-2025-44134 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-14 | 6.5 Medium |
| A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks. | ||||
| CVE-2025-44135 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-14 | 6.5 Medium |
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks. | ||||
| CVE-2025-0793 | 1 Esafenet | 1 Cdg | 2025-05-13 | 6.3 Medium |
| A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0794 | 1 Esafenet | 1 Cdg | 2025-05-13 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0795 | 1 Esafenet | 1 Cdg | 2025-05-13 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45627 | 1 Apache | 1 Linkis | 2025-05-13 | 5.9 Medium |
| In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0. | ||||
| CVE-2024-9020 | 1 Fernandobriano | 1 List Category Posts | 2025-05-13 | 5.4 Medium |
| The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-12321 | 1 Codexpert | 1 Wc Affiliate | 2025-05-13 | 7.1 High |
| The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-22128 | 1 Tableau | 1 Tableau Server | 2025-05-13 | 9.8 Critical |
| Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. | ||||
| CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2025-05-13 | 8.8 High |
| A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | ||||
| CVE-2019-14840 | 1 Redhat | 1 Decision Manager | 2025-05-13 | 7.5 High |
| A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials. | ||||
| CVE-2017-7517 | 1 Redhat | 1 Openshift | 2025-05-13 | 3.5 Low |
| An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance. | ||||
| CVE-2024-13052 | 1 Healthygrid | 1 Dental Optimizer Patient Generator App | 2025-05-13 | 7.1 High |
| The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||