Export limit exceeded: 338637 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338637 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21648 | 1 Xwiki | 1 Xwiki | 2025-06-17 | 8 High |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. | ||||
| CVE-2024-21644 | 1 Pyload | 1 Pyload | 2025-06-17 | 7.5 High |
| pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. | ||||
| CVE-2024-0307 | 1 Lopalopa | 1 Dynamic Lab Management System | 2025-06-17 | 7.3 High |
| A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0306 | 1 Lopalopa | 1 Dynamic Lab Management System | 2025-06-17 | 7.3 High |
| A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability. | ||||
| CVE-2024-0303 | 1 Youke365 | 1 Youke 365 | 2025-06-17 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0301 | 1 Fhs-opensource | 1 Iparking | 2025-06-17 | 6.3 Medium |
| A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868. | ||||
| CVE-2024-0294 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-06-17 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7218 | 1 Totolink | 2 N350rt, N350rt Firmware | 2025-06-17 | 7.2 High |
| A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-52225 | 1 Taggbox | 1 Taggbox | 2025-06-17 | 10 Critical |
| Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. | ||||
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2025-06-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | ||||
| CVE-2023-52215 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2025-06-17 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. | ||||
| CVE-2023-52213 | 1 Videowhisper | 1 Rate Star Review | 2025-06-17 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review – AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review – AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. | ||||
| CVE-2023-52204 | 1 Javik | 1 Randomize | 2025-06-17 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3. | ||||
| CVE-2023-52200 | 1 Reputeinfosystems | 1 Armember | 2025-06-17 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | ||||
| CVE-2023-52198 | 1 Michielvaneerd | 1 Private Google Calendars | 2025-06-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS.This issue affects Private Google Calendars: from n/a through 20231125. | ||||
| CVE-2023-52197 | 1 Impactpixel | 1 Ads Invalid Click Protection | 2025-06-17 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.This issue affects Ads Invalid Click Protection: from n/a through 1.0. | ||||
| CVE-2023-52196 | 1 Ewels | 1 Cpt Bootstrap Carousel | 2025-06-17 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12. | ||||
| CVE-2023-52142 | 1 Coolplugins | 1 Events Shortcodes For The Events Calendar | 2025-06-17 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1. | ||||
| CVE-2023-51406 | 1 Ninjateam | 1 Fastdup | 2025-06-17 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | ||||
| CVE-2025-5671 | 1 Totolink | 2 N302r Plus, N302r Plus Firmware | 2025-06-17 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||