Search Results (337984 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45239 | 1 Qianfox | 1 Foxcms | 2025-06-12 | 5.3 Medium |
| An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal. | ||||
| CVE-2025-4327 | 1 Mrcms | 1 Mrcms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | ||||
| CVE-2025-4329 | 1 74cms | 1 74cms | 2025-06-12 | 4.3 Medium |
| A vulnerability was found in 74CMS up to 3.33.0. It has been rated as problematic. Affected by this issue is the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | 7.8 High |
| An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | 8.8 High |
| DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | ||||
| CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allow a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44105 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.2 High |
| Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | ||||
| CVE-2024-44104 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44103 | 1 Ivanti | 2 Automation, Workspace Control | 2025-06-12 | 8.8 High |
| DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-44073 | 1 Seacms | 1 Seacms | 2025-06-12 | 9.8 Critical |
| SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. | ||||
| CVE-2024-12595 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | 4.7 Medium |
| The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2024-11645 | 1 Computy | 1 Float Block | 2025-06-12 | 4.8 Medium |
| The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11605 | 1 Wp-publications Project | 1 Wp-publications | 2025-06-12 | 4.8 Medium |
| The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-10103 | 2 Automattic, Mailpoet | 2 Mailpoet, Mailpoet | 2025-06-12 | 6.1 Medium |
| In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding a malicious script, which entails an account takeover backdoor. | ||||
| CVE-2024-6270 | 1 Community Events Project | 1 Community Events | 2025-06-12 | 4.8 Medium |
| The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-11269 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | 7.2 High |
| The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing Admin to perform SQL injection attacks. | ||||
| CVE-2024-11267 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-12 | 8.8 High |
| The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks. | ||||
| CVE-2025-2048 | 1 Lana | 1 Lana Downloads Manager | 2025-06-12 | 4.1 Medium |
| The Lana Downloads Manager WordPress plugin before 1.10.0 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks and download arbitrary files on the server | ||||
| CVE-2024-12736 | 1 Bu | 1 Bu Section Editing | 2025-06-12 | 6.1 Medium |
| The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-11606 | 1 Tabs Shortcode Project | 1 Tabs Shortcode | 2025-06-12 | 5.3 Medium |
| The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||