Search
Search Results (338277 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47725 | 1 Stvs | 1 Provision | 2026-01-05 | 5.4 Medium |
| STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site. | ||||
| CVE-2021-47743 | 1 Commax | 1 Biometric Access Control System | 2026-01-05 | 6.1 Medium |
| COMMAX Biometric Access Control System 1.0.0 contains an unauthenticated reflected cross-site scripting vulnerability in cookie parameters 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM'. Attackers can inject malicious HTML and JavaScript code into these cookie values to execute arbitrary scripts in a victim's browser session. | ||||
| CVE-2025-12685 | 3 Iqonic, Iqonicdesign, Wordpress | 3 Wpbookit, Wpbookit, Wordpress | 2026-01-05 | 6.5 Medium |
| The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack. | ||||
| CVE-2025-13456 | 2 Shopbuilder, Wordpress | 2 Shopbuilder, Wordpress | 2026-01-05 | 6.1 Medium |
| The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-13153 | 2 Logo Slider Wordpress, Wordpress | 2 Logo Slider Wordpress, Wordpress | 2026-01-05 | 6.1 Medium |
| The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-53594 | 2 Apple, Qnap | 4 Macos, Qfinder Pro, Qsync and 1 more | 2026-01-05 | N/A |
| A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinder Pro Mac 7.13.0 and later Qsync for Mac 5.1.5 and later QVPN Device Client for Mac 2.2.8 and later | ||||
| CVE-2025-3359 | 1 Redhat | 1 Enterprise Linux | 2026-01-05 | 6.2 Medium |
| A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. | ||||
| CVE-2023-53973 | 1 Zillya | 1 Total Security | 2026-01-03 | 8.4 High |
| Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentially enabling system-level access through techniques like DLL hijacking. | ||||
| CVE-2026-21652 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21651 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21650 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21649 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21648 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21647 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21646 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21645 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2026-21644 | 2026-01-03 | N/A | ||
| Not used | ||||
| CVE-2025-14416 | 1 Pdfforge | 1 Pdf Architect | 2026-01-02 | N/A |
| pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOC files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27503. | ||||
| CVE-2025-14421 | 1 Pdfforge | 1 Pdf Architect | 2026-01-02 | 5.5 Medium |
| pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27915. | ||||
| CVE-2025-14420 | 1 Pdfforge | 1 Pdf Architect | 2026-01-02 | N/A |
| pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBZ files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27514. | ||||