Search Results (337224 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2989 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2025-06-05 | 7.1 High |
| An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-2669 | 1 Wp Taxonomy Import Project | 1 Wp Taxonomy Import | 2025-06-05 | 6.1 Medium |
| The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2022-2654 | 1 Radiustheme | 4 Classified Listing, Classified Listing Store & Membership, Classima and 1 more | 2025-06-05 | 6.1 Medium |
| The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-20392 | 1 Google | 1 Android | 2025-06-05 | 7.8 High |
| In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-213323615 | ||||
| CVE-2022-20389 | 1 Google | 1 Android | 2025-06-05 | 9.8 Critical |
| Summary: Product: Android. Versions: Android SoC. Android ID: A-238257004 | ||||
| CVE-2022-20388 | 1 Google | 1 Android | 2025-06-05 | 9.8 Critical |
| Summary: Product: Android. Versions: Android SoC. Android ID: A-238227323 | ||||
| CVE-2024-22919 | 1 Swftools | 1 Swftools | 2025-06-05 | 7.8 High |
| swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | ||||
| CVE-2024-22851 | 1 Liveconfig | 1 Liveconfig | 2025-06-05 | 7.5 High |
| Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | ||||
| CVE-2024-22817 | 1 Flycms Project | 1 Flycms | 2025-06-05 | 8.8 High |
| FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte | ||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2025-06-05 | 8.1 High |
| Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | ||||
| CVE-2024-22548 | 1 Flycms Project | 1 Flycms | 2025-06-05 | 5.4 Medium |
| FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | ||||
| CVE-2024-22496 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-05 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter. | ||||
| CVE-2024-22491 | 1 Beetl-bbs Project | 1 Beetl-bbs | 2025-06-05 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. | ||||
| CVE-2024-22108 | 1 Gttb | 1 Gtb Central Console | 2025-06-05 | 9.8 Critical |
| An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value. | ||||
| CVE-2024-22075 | 1 Firefly-iii | 1 Firefly Iii | 2025-06-05 | 6.1 Medium |
| Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | ||||
| CVE-2024-11083 | 2 Profilepress, Properfraction | 2 Loginwp, Profilepress | 2025-06-05 | 5.3 Medium |
| The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-11024 | 1 Apppresser | 1 Apppresser | 2025-06-05 | 9.8 Critical |
| The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account. | ||||
| CVE-2024-11199 | 1 Rescuethemes | 1 Rescue Shortcodes | 2025-06-05 | 6.4 Medium |
| The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10802 | 1 Hashthemes | 1 Hash Elements | 2025-06-05 | 5.3 Medium |
| The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7. This makes it possible for unauthenticated attackers to retrieve draft post titles that should not be accessible to unauthenticated users. | ||||
| CVE-2024-10627 | 2 Support Ticket System Project, Vanquish | 2 Support Ticket System, Woocommerce Support Ticket System | 2025-06-05 | 9.8 Critical |
| The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||