Export limit exceeded: 336352 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336352 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47378 | 1 Wpcom | 1 Wpcom Member | 2025-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPCOM WPCOM Member allows Reflected XSS.This issue affects WPCOM Member: from n/a through 1.5.4. | ||||
| CVE-2023-26771 | 1 Taskcafe Project | 1 Taskcafe | 2025-05-27 | 6.5 Medium |
| Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can exploit this vulnerability by uploading a malicious picture which will trigger the payload when the victim opens the file. | ||||
| CVE-2023-26770 | 1 Taskcafe Project | 1 Taskcafe | 2025-05-27 | 9.8 Critical |
| TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. | ||||
| CVE-2025-2872 | 2025-05-27 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-47577. Reason: This candidate is a reservation duplicate of CVE-2025-47577. Notes: All CVE users should reference CVE-2025-47577 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2025-05-27 | 6.5 Medium |
| A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41249 | 1 Jenkins | 1 Scm Httpclient | 2025-05-27 | 8.8 High |
| A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41248 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | 5.3 Medium |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2022-41247 | 1 Jenkins | 1 Bigpanda Notifier | 2025-05-27 | 4.3 Medium |
| Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | ||||
| CVE-2022-41246 | 1 Jenkins | 1 Worksoft Execution Manager | 2025-05-27 | 6.5 Medium |
| A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-40754 | 1 Apache | 1 Airflow | 2025-05-27 | 6.1 Medium |
| In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | ||||
| CVE-2022-40604 | 1 Apache | 1 Airflow | 2025-05-27 | 7.5 High |
| In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | ||||
| CVE-2022-39975 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-27 | 4.3 Medium |
| The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation. | ||||
| CVE-2022-38928 | 1 Xpdfreader | 1 Xpdf | 2025-05-27 | 7.8 High |
| XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. | ||||
| CVE-2022-37877 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-05-27 | 7.8 High |
| A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and below. Aruba has released upgrades for Aruba ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-37246 | 1 Craftcms | 1 Craft Cms | 2025-05-27 | 5.4 Medium |
| Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. | ||||
| CVE-2022-37026 | 2 Erlang, Redhat | 2 Erlang\/otp, Openstack | 2025-05-27 | 9.8 Critical |
| In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. | ||||
| CVE-2022-35085 | 1 Swftools | 1 Swftools | 2025-05-27 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. | ||||
| CVE-2022-32882 | 1 Apple | 1 Macos | 2025-05-27 | 9.8 Critical |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-32861 | 1 Apple | 2 Macos, Safari | 2025-05-27 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. A user may be tracked through their IP address. | ||||
| CVE-2022-32211 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-27 | 8.8 High |
| A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an attacker to retrieve a reset password token through or a 2fa secret. | ||||