Export limit exceeded: 334358 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334358 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3394 | 1 Soflyy | 1 Wp All Export | 2025-05-07 | 7.2 High |
| The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | ||||
| CVE-2022-3393 | 1 Bestwebsoft | 1 Post To Csv | 2025-05-07 | 9.8 Critical |
| The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection | ||||
| CVE-2022-3392 | 1 Wp Humans.txt Project | 1 Wp Humans.txt | 2025-05-07 | 4.8 Medium |
| The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-38060 | 2 Openstack, Redhat | 2 Kolla, Openstack | 2025-05-07 | 8.8 High |
| A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. | ||||
| CVE-2022-33757 | 1 Tenable | 1 Nessus | 2025-05-07 | 6.5 Medium |
| An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance. | ||||
| CVE-2022-33184 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 7.8 High |
| A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account. | ||||
| CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 8.8 High |
| A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands. | ||||
| CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 7.8 High |
| A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”. | ||||
| CVE-2022-33181 | 1 Broadcom | 1 Fabric Operating System | 2025-05-07 | 5.5 Medium |
| An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”. | ||||
| CVE-2022-2508 | 1 Octopus | 1 Octopus Server | 2025-05-07 | 5.3 Medium |
| In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging. | ||||
| CVE-2022-2190 | 1 Enviragallery | 1 Envira Gallery | 2025-05-07 | 6.1 Medium |
| The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2022-2167 | 1 Tagdiv | 1 Newspaper | 2025-05-07 | 6.1 Medium |
| The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-29851 | 1 Open-xchange | 1 Ox App Suite | 2025-05-07 | 9.8 Critical |
| documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | ||||
| CVE-2022-27583 | 1 Sick | 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more | 2025-05-07 | 9.1 Critical |
| A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | ||||
| CVE-2021-42777 | 1 Stimulsoft | 1 Reports | 2025-05-07 | 9.8 Critical |
| Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start. | ||||
| CVE-2021-40661 | 1 Mt | 2 Ind780, Ind780 Firmware | 2025-05-07 | 7.5 High |
| A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future. | ||||
| CVE-2021-40241 | 1 Xfig Project | 1 Xfig | 2025-05-07 | 9.8 Critical |
| xfig 3.2.7 is vulnerable to Buffer Overflow. | ||||
| CVE-2021-38728 | 1 Sem-cms | 1 Semcms | 2025-05-07 | 6.1 Medium |
| SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php. | ||||
| CVE-2020-21016 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-05-07 | 9.8 Critical |
| D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. | ||||
| CVE-2024-52553 | 1 Jenkins | 2 Openid, Openid Connect Authentication | 2025-05-07 | 8.8 High |
| Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. | ||||