Search Results (338086 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47885 | 1 Jenkins | 1 Health Advisor By Cloudbees | 2025-06-12 | 8.8 High |
| Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Jenkins Health Advisor server responses. | ||||
| CVE-2025-47886 | 1 Jenkins | 1 Cadence Vmanager | 2025-06-12 | 4.3 Medium |
| A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2025-47887 | 1 Jenkins | 1 Cadence Vmanager | 2025-06-12 | 4.3 Medium |
| Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. | ||||
| CVE-2025-47888 | 1 Jenkins | 1 Dingtalk | 2025-06-12 | 5.9 Medium |
| Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. | ||||
| CVE-2025-47889 | 1 Jenkins | 1 Wso2 Oauth | 2025-06-12 | 9.8 Critical |
| In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers using this security realm using any username and any password, including usernames that do not exist. | ||||
| CVE-2025-46052 | 1 Weberp | 1 Weberp | 2025-06-12 | 9.8 Critical |
| An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php. | ||||
| CVE-2025-46053 | 1 Weberp | 1 Weberp | 2025-06-12 | 5.1 Medium |
| A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php. | ||||
| CVE-2025-48051 | 1 Lichess | 1 Powertip.ts | 2025-06-12 | 4.7 Medium |
| powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML. | ||||
| CVE-2025-4541 | 1 Lmxcms | 1 Lmxcms | 2025-06-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-49822 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49821 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49820 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49819 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49818 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49817 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49816 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49815 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2025-49814 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2023-36636 | | | 2025-06-12 | N/A |
| Not used | ||||
| CVE-2024-45516 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-06-11 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed <img> tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction. | ||||