Search Results (336650 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-20015 | 1 Smokeping | 1 Smokeping | 2025-05-29 | 7.5 High |
| In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown. | ||||
| CVE-2023-38003 | 1 Ibm | 1 Db2 | 2025-05-29 | 7.2 High |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214. | ||||
| CVE-2022-3079 | 1 Festo | 4 Cpx-cec-c1, Cpx-cec-c1 Firmware, Cpx-cmxx and 1 more | 2025-05-29 | 7.5 High |
| Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. | ||||
| CVE-2025-46673 | 1 Nasa | 1 Cryptolib | 2025-05-29 | 4.9 Medium |
| NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS). | ||||
| CVE-2025-46674 | 1 Nasa | 1 Cryptolib | 2025-05-29 | 3.5 Low |
| NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. | ||||
| CVE-2024-31099 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. | ||||
| CVE-2022-3242 | 1 Microweber | 1 Microweber | 2025-05-29 | 6.1 Medium |
| Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | ||||
| CVE-2023-49287 | 1 Cxong | 1 Tinydir | 2025-05-29 | 7.7 High |
| TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6. | ||||
| CVE-2024-3517 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3341 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_gmaps' shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-32167 | 1 Cloudreve | 1 Cloudreve | 2025-05-29 | 5.4 Medium |
| Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation. | ||||
| CVE-2024-1533 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML Element in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Requires Elementor and the Phlox theme to be installed. | ||||
| CVE-2024-1396 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-40459 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2025-05-29 | 7.5 High |
| The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. | ||||
| CVE-2023-37888 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 7.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0. | ||||
| CVE-2023-40463 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2025-05-29 | 8.1 High |
| When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | ||||
| CVE-2022-34746 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2025-05-29 | 5.9 Medium |
| An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface. | ||||
| CVE-2024-1348 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-49293 | 1 Vitejs | 1 Vite | 2025-05-29 | 6.1 Medium |
| Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (`<script type="module">...</script>`), it is possible to inject arbitrary HTML into the transformed output by supplying a malicious URL query string to `server.transformIndexHtml`. Only apps using `appType: 'custom'` and using the default Vite HTML middleware are affected. The HTML entry must also contain an inline script. The attack requires a user to click on a malicious URL while running the dev server. Restricted files aren't exposed to the attacker. This issue has been addressed in vite@5.0.5, vite@4.5.1, and vite@4.4.12. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-2924 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2025-05-29 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. | ||||