Search Results (336671 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22647 | 1 Seopanel | 1 Seo Panel | 2025-05-29 | 5.3 Medium |
| A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | ||||
| CVE-2024-1069 | 1 Crmperks | 1 Database For Contact Form 7, Wpforms, Elementor Forms | 2025-05-29 | 7.2 High |
| The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-1060 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-29 | 8.8 High |
| Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-6165 | 1 Benaceur-php | 1 Restrict Usernames Emails Characters | 2025-05-29 | 4.8 Medium |
| The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2023-51982 | 1 Cratedb | 1 Cratedb | 2025-05-29 | 9.8 Critical |
| CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI directly using the default user identity. (https://github.com/crate/crate/issues/15231) | ||||
| CVE-2023-51843 | 1 Flatlogic | 1 React Dashboard | 2025-05-29 | 8.2 High |
| react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set. | ||||
| CVE-2023-51837 | 1 Meshcentral | 1 Meshcentral | 2025-05-29 | 9.8 Critical |
| Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | ||||
| CVE-2023-42706 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 5.5 Medium |
| In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42698 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 5.5 Medium |
| In omacp service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | ||||
| CVE-2023-42685 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 7.8 High |
| In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2023-42681 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-29 | 7.8 High |
| In ion service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | ||||
| CVE-2023-37518 | 1 Hcltech | 1 Bigfix Servicenow Data Flow | 2025-05-29 | 6.4 Medium |
| HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | ||||
| CVE-2023-36259 | 1 Craftcms | 1 Craft Cms | 2025-05-29 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation. | ||||
| CVE-2023-24049 | 1 Connectize | 2 Ac21000 G6, Ac21000 G6 Firmware | 2025-05-29 | 9.8 Critical |
| An issue discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | ||||
| CVE-2022-35068 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d. | ||||
| CVE-2022-35067 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0. | ||||
| CVE-2022-35066 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8. | ||||
| CVE-2022-35065 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. | ||||
| CVE-2022-35064 | 1 Otfcc Project | 1 Otfcc | 2025-05-29 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset. | ||||
| CVE-2024-23873 | 1 Ajaysharma | 1 Cups Easy | 2025-05-29 | 8.2 High |
| A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. | ||||