Search Results (334723 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3236 | 1 Ghozylab | 1 Popup Builder | 2025-05-13 | 5.4 Medium |
| The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-4305 | 2 Wpdownloadmanager, Wpxpo | 2 Gutenberg Blocks For Wordpress Download Manager, Postx | 2025-05-13 | 6.8 Medium |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-28595 | 1 Walterjnr1 | 1 Employee Management System | 2025-05-13 | 9.8 Critical |
| SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php. | ||||
| CVE-2023-22652 | 2 Opensuse, Redhat | 2 Libeconf, Enterprise Linux | 2025-05-13 | 3.3 Low |
| A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. | ||||
| CVE-2024-31008 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-13 | 6.5 Medium |
| An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code and obtain sensitive information via the index.php file. | ||||
| CVE-2024-2369 | 1 Godaddy | 1 Coblocks | 2025-05-13 | 5.4 Medium |
| The Page Builder Gutenberg Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2263 | 1 Themify | 1 Woocommerce Product Filter | 2025-05-13 | 4.8 Medium |
| Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-2262 | 1 Themify | 1 Woocommerce Product Filter | 2025-05-13 | 4.7 Medium |
| Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs | ||||
| CVE-2024-32325 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-05-13 | 2.4 Low |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. | ||||
| CVE-2024-1846 | 1 Wpdarko | 1 Responsive Tabs | 2025-05-13 | 5.4 Medium |
| The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-1664 | 1 Bdwm | 1 Responsive Gallery Grid | 2025-05-13 | 6.1 Medium |
| The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-28224 | 1 Ollama | 1 Ollama | 2025-05-13 | 6.6 Medium |
| Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion). | ||||
| CVE-2024-2509 | 1 Kadencewp | 1 Gutenberg Blocks With Ai | 2025-05-13 | 6.5 Medium |
| The Gutenberg Blocks by Kadence Blocks WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-2721 | 1 Sygnoos | 1 Social Media Share Buttons | 2025-05-13 | 8.2 High |
| Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons. This issue affects Social Media Share Buttons: from n/a through 2.1.0. | ||||
| CVE-2024-26280 | 1 Apache | 1 Airflow | 2025-05-13 | 4.7 Medium |
| Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability | ||||
| CVE-2024-0719 | 1 Otwthemes | 1 Tabs Shortcode And Widget | 2025-05-13 | 5.4 Medium |
| The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-0711 | 1 Otwthemes | 1 Buttons Shortcode And Widget | 2025-05-13 | 6.1 Medium |
| The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-25325 | 1 Walterjnr1 | 1 Employee Management System | 2025-05-12 | 7.1 High |
| SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php. | ||||
| CVE-2024-11861 | | | 2025-05-12 | 9.8 Critical |
| EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access. | ||||
| CVE-2023-31585 | | | 2025-05-12 | 9.8 Critical |
| Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. | ||||