Search Results (7746 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2903 | 1 Ninjaforms | 1 Ninja Forms | 2025-05-21 | 7.2 High |
| The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | ||||
| CVE-2025-24661 | | | 2025-05-21 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8. | ||||
| CVE-2024-5488 | 1 Seopress | 1 Seopress | 2025-05-21 | 9.8 Critical |
| The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. | ||||
| CVE-2025-0767 | 1 Melapress | 1 Wp Activity Log | 2025-05-21 | 9.8 Critical |
| WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php. | ||||
| CVE-2025-22387 | 1 Optimizely | 1 Configured Commerce | 2025-05-21 | 7.5 High |
| An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking. | ||||
| CVE-2022-40126 | 1 Clash Project | 1 Clash | 2025-05-21 | 7.8 High |
| A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | ||||
| CVE-2022-23716 | 1 Elastic | 1 Elastic Cloud Enterprise | 2025-05-21 | 5.3 Medium |
| A flaw was discovered in ECE before 3.1.1 that could lead to the disclosure of the SAML signing private key used for the RBAC features, in deployment logs in the Logging and Monitoring cluster. | ||||
| CVE-2022-38699 | 1 Asus | 1 Armoury Crate Service | 2025-05-21 | 5.9 Medium |
| Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to an arbitrary system file, causing the logging function to overwrite the system file and disrupt the system. | ||||
| CVE-2022-3292 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-21 | 4.6 Medium |
| Use of Cache Containing Sensitive Information in GitHub repository ikus060/rdiffweb prior to 2.4.8. | ||||
| CVE-2022-3326 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 4.3 Medium |
| Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.9. | ||||
| CVE-2022-3287 | 2 Fwupd, Redhat | 3 Fwupd, Enterprise Linux, Rhel Eus | 2025-05-20 | 6.5 Medium |
| When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | ||||
| CVE-2025-22390 | 1 Optimizely | 1 Optimizely Cms | 2025-05-20 | 7.5 High |
| An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking. | ||||
| CVE-2022-29089 | 1 Dell | 1 Smartfabric Os10 | 2025-05-20 | 6.4 Medium |
| Dell Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an information disclosure vulnerability. A remote, unauthenticated attacker could potentially exploit this vulnerability by reverse engineering to retrieve sensitive information and access the REST API with admin privileges. | ||||
| CVE-2022-40314 | 1 Moodle | 1 Moodle | 2025-05-20 | 9.8 Critical |
| A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | ||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2025-05-20 | 7.5 High |
| IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | ||||
| CVE-2019-1053 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-20 | 6.3 Medium |
| An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system. The security update addresses the vulnerability by correctly validating folder shortcuts. | ||||
| CVE-2019-0986 | 1 Microsoft | 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more | 2025-05-20 | 6.3 Medium |
| An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks. | ||||
| CVE-2025-27192 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-05-20 | 2.7 Low |
| Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Insufficiently Protected Credentials vulnerability that could lead to a security feature bypass. A high privileged attacker could exploit this vulnerability to gain unauthorized access to protected resources by obtaining sensitive credential information. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-4740 | | | 2025-05-16 | 5.3 Medium |
| A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads to deserialization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4742 | | | 2025-05-16 | 5.3 Medium |
| A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||