Export limit exceeded: 336577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29272 | 2 Givanz, Vvveb | 2 Vvvebjs, Vvvebjs | 2025-05-28 | 6.5 Medium |
| Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. | ||||
| CVE-2024-25168 | 1 Dingflow | 1 Snow | 2025-05-28 | 6.3 Medium |
| SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface. | ||||
| CVE-2024-28559 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | 8.8 High |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component. | ||||
| CVE-2024-28560 | 1 Niushop | 1 B2b2c Multi-business | 2025-05-28 | 5.4 Medium |
| SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component. | ||||
| CVE-2024-30187 | 1 Anope | 1 Anope | 2025-05-28 | 5.3 Medium |
| Anope before 2.0.15 does not prevent resetting the password of a suspended account. | ||||
| CVE-2024-2864 | 1 Kainelabs | 1 Youzify | 2025-05-28 | 7.3 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation.This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5. | ||||
| CVE-2024-25807 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album. | ||||
| CVE-2024-26557 | 1 Codiad | 1 Codiad | 2025-05-28 | 5.4 Medium |
| Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter. | ||||
| CVE-2024-25808 | 1 Lycheeorg | 1 Lychee | 2025-05-28 | 8.3 High |
| Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function. | ||||
| CVE-2024-29271 | 2 Givanz, Vvveb | 2 Vvvebjs, Vvvebjs | 2025-05-28 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | ||||
| CVE-2024-3601 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | 5.3 Medium |
| The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_poll_create_author function in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to extract email addresses by enumerating them one character at a time. | ||||
| CVE-2024-9462 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | 5.5 Medium |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Stored Cross-Site Scripting via poll settings in all versions up to, and including, 5.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-9475 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | 4.9 Medium |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the order_by parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-12115 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | 4.3 Medium |
| The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-3600 | 1 Ays-pro | 1 Poll Maker | 2025-05-28 | 7.2 High |
| The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition to insufficient escaping and sanitization in all versions up to, and including, 5.1.8. This makes it possible for unauthenticated attackers to create quizzes and inject malicious web scripts into them that execute when a user visits the page. | ||||
| CVE-2023-41504 | 1 Code-projects | 1 Student Enrollment | 2025-05-28 | 8.8 High |
| SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function. | ||||
| CVE-2023-41505 | 1 Code-projects | 2 Student Enrollment, Student Enrollment In Php | 2025-05-28 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-2847 | 1 Codezips | 1 Gym Management System | 2025-05-28 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2151 | 1 Assimp | 1 Assimp | 2025-05-28 | 6.3 Medium |
| A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::GetNextLine in the library ParsingUtils.h of the component File Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.1 High |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||