Search Results (338063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46981 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46979 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46978 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46977 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46976 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-44115 | 1 Cotonti | 1 Cotonti Siena | 2025-06-13 | 5.4 Medium |
| A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting. | ||||
| CVE-2024-57459 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | 7.3 High |
| A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | ||||
| CVE-2024-31503 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-06-13 | 7.5 High |
| Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover. | ||||
| CVE-2024-37821 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-06-13 | 8.8 High |
| An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. | ||||
| CVE-2024-33900 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | 6.5 Medium |
| KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | ||||
| CVE-2023-52115 | 1 Huawei | 1 Harmonyos | 2025-06-13 | 7.5 High |
| The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions. | ||||
| CVE-2023-52074 | 1 Flycms Project | 1 Flycms | 2025-06-13 | 8.8 High |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | ||||
| CVE-2023-0224 | 1 Givewp | 1 Givewp | 2025-06-13 | 9.8 Critical |
| The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks. | ||||
| CVE-2022-4976 | | | 2025-06-13 | 9.8 Critical |
| Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. | ||||
| CVE-2024-33901 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | 6.5 Medium |
| Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | ||||
| CVE-2024-32407 | 2 Inducer, Inducer | 2 Relate, Relate | 2025-06-13 | 8.8 High |
| An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. | ||||
| CVE-2024-32405 | 2 Inducer, Inducer | 2 Relate, Relate | 2025-06-13 | 2.6 Low |
| Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. | ||||
| CVE-2023-6779 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2025-06-13 | 8.2 High |
| An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. | ||||
| CVE-2025-26013 | 1 Olajowon | 1 Loggrove | 2025-06-13 | 8.2 High |
| An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component. | ||||
| CVE-2025-26014 | 1 Olajowon | 1 Loggrove | 2025-06-13 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. | ||||