Search Results (10214 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57894 | 1 Redhat | 1 Enterprise Linux | 2025-03-28 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-47260 | | | 2025-03-28 | 6.5 Medium |
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for uploading more audio clips than designed, resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-4886 | 1 Buddyboss | 1 Buddyboss Platform | 2025-03-27 | 4.3 Medium |
| The contains an IDOR vulnerability that allows a user to comment on a private post by manipulating the ID included in the request | ||||
| CVE-2023-22322 | 1 Omron | 1 Cx-motion Pro | 2025-03-27 | 5.5 Medium |
| Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. | ||||
| CVE-2024-1671 | 1 Google | 1 Chrome | 2025-03-27 | 6.5 Medium |
| Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-50380 | 1 Apache | 1 Ambari | 2025-03-27 | 6.5 Medium |
| XML External Entity injection in Apache Ambari versions <= 2.7.7. Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused by a lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges. | ||||
| CVE-2022-47697 | 1 Comfast Project | 2 Cf-wr623n, Cf-wr623n Firmware | 2025-03-27 | 9.8 Critical |
| COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. | ||||
| CVE-2025-30885 | | | 2025-03-27 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Form – Contact Form Plugin allows Phishing. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.18.0. | ||||
| CVE-2025-30884 | | | 2025-03-27 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bit Apps Bit Integrations allows Phishing. This issue affects Bit Integrations: from n/a through 2.4.10. | ||||
| CVE-2025-30859 | | | 2025-03-27 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ali2woo AliNext allows Phishing. This issue affects AliNext: from n/a through 3.5.1. | ||||
| CVE-2025-30795 | | | 2025-03-27 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.5.1. | ||||
| CVE-2025-30781 | | | 2025-03-27 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce allows Phishing. This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through 3.7.1. | ||||
| CVE-2025-30777 | | | 2025-03-27 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in PalsCode Support Genix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Support Genix: from n/a through 1.4.11. | ||||
| CVE-2022-34888 | 1 Lenovo | 196 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 193 more | 2025-03-27 | 2.7 Low |
| The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. | ||||
| CVE-2023-49234 | | | 2025-03-27 | 6.3 Medium |
| An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server. | ||||
| CVE-2022-37034 | 1 Dotcms | 1 Dotcms | 2025-03-27 | 5.3 Medium |
| In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. | ||||
| CVE-2024-55231 | 1 Phpgurukul | 1 Online Notes Sharing Management System | 2025-03-27 | 4.3 Medium |
| An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information. | ||||
| CVE-2024-12062 | 1 Nicheaddons | 1 Charity Addon For Elementor | 2025-03-27 | 4.3 Medium |
| The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | ||||
| CVE-2024-33818 | 1 Globitel | 1 Speechlog | 2025-03-27 | 7.5 High |
| Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. | ||||
| CVE-2024-13558 | 1 Neahplugins | 1 Np Quote Request For Woocommerce | 2025-03-27 | 7.5 High |
| The NP Quote Request for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.179 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to read the content of quote requests. | ||||