Export limit exceeded: 328762 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (328762 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41800 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-04-23 | 8.7 High |
| In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-4725 | 1 Sayandatta | 1 Simple Posts Ticker | 2025-04-23 | 4.8 Medium |
| The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2025-3268 | 1 Qinguoyi | 1 Tinywebserver | 2025-04-23 | 5.3 Medium |
| A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and classified as critical. This vulnerability affects unknown code of the file http/http_conn.cpp. The manipulation of the argument m_url_real leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3380 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46494 | 1 Typecho | 1 Typecho | 2025-04-23 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. | ||||
| CVE-2025-46224 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46223 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46222 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46221 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46220 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46219 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46218 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46217 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2025-46216 | 2025-04-23 | N/A | ||
| Not used | ||||
| CVE-2024-29392 | 1 Silverpeas | 1 Silverpeas | 2025-04-23 | 5.4 Medium |
| Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. | ||||
| CVE-2023-40492 | 1 Lg | 1 Simple Editor | 2025-04-23 | 9.1 Critical |
| LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCheckSession method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19919. | ||||
| CVE-2024-2345 | 1 Ninjateam | 1 Filebird | 2025-04-23 | 6.4 Medium |
| The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-33102 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. | ||||
| CVE-2024-33101 | 1 Thinksaas | 1 Thinksaas | 2025-04-23 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. | ||||
| CVE-2024-33338 | 1 Jizhicms | 1 Jizhicms | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. | ||||