Export limit exceeded: 335170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3463 | 2025-05-19 | N/A | ||
| "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-3462 | 2025-05-19 | N/A | ||
| "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-4921 | 2025-05-18 | N/A | ||
| Duplicate of CVE-2025-4919 | ||||
| CVE-2025-4920 | 2025-05-18 | N/A | ||
| Duplicate of CVE-2025-4918 | ||||
| CVE-2024-12950 | 1 Code-projects | 1 Travel Management System | 2025-05-18 | 6.3 Medium |
| A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13965 | 2025-05-17 | N/A | ||
| wrong year | ||||
| CVE-2024-13964 | 2025-05-17 | N/A | ||
| wrong year | ||||
| CVE-2025-2605 | 1 Honeywell | 4 Mb-secure, Mb-secure Firmware, Mb-secure Pro and 1 more | 2025-05-17 | 9.9 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Honeywell MB-Secure allows Privilege Abuse. This issue affects MB-Secure: from V11.04 before V12.53 and MB-Secure PRO from V01.06 before V03.09.Honeywell also recommends updating to the most recent version of this product. | ||||
| CVE-2024-9305 | 1 Apppresser | 1 Apppresser | 2025-05-17 | 8.1 High |
| The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the appp_reset_password() and validate_reset_password() functions not having enough controls to prevent a successful brute force attack of the OTP to change a password, or verify that a password reset request came from an authorized user. This makes it possible for unauthenticated attackers to generate and brute force an OTP that makes it possible to change any users passwords, including an administrator. | ||||
| CVE-2024-57776 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57774 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57773 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57771 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-57772 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-05-17 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-12587 | 1 Edmonparker | 1 Contact Form Master | 2025-05-17 | 6.1 Medium |
| The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12715 | 1 Outself | 1 Asgard Security Scanner | 2025-05-17 | 6.1 Medium |
| The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12714 | 1 Syedfakharabbas | 1 Backlink Monitoring Manager | 2025-05-17 | 6.1 Medium |
| The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-10568 | 1 Wp-dreams | 1 Ajax Search | 2025-05-17 | 4.7 Medium |
| The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10518 | 1 Properfraction | 1 Profilepress | 2025-05-17 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10517 | 1 Properfraction | 1 Profilepress | 2025-05-17 | 4.8 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||