Search Results (336746 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48926 | 1 Prestashop | 1 Advanced Loyalty Program | 2025-06-02 | 5.3 Medium |
| An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. | ||||
| CVE-2023-3178 | 1 Wpexperts | 1 Post Smtp | 2025-06-02 | 4.3 Medium |
| The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. | ||||
| CVE-2023-39691 | 1 Kodcloud | 1 Kodbox | 2025-06-02 | 9.8 Critical |
| An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request. | ||||
| CVE-2023-2655 | 1 Web-dorado | 1 Contact Form Maker | 2025-06-02 | 7.2 High |
| The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | ||||
| CVE-2023-0079 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2025-06-02 | 5.4 Medium |
| The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-3899 | 1 3dprint Project | 1 3dprint | 2025-06-02 | 8.1 High |
| The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form. | ||||
| CVE-2022-1760 | 1 Dd32 | 1 Core Control | 2025-06-02 | 4.3 Medium |
| The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2022-1609 | 1 Weblizar | 1 School Management | 2025-06-02 | 9.8 Critical |
| The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | ||||
| CVE-2021-4227 | 1 Obg | 1 Ark Wysiwyg Comment Editor | 2025-06-02 | 5.3 Medium |
| The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section | ||||
| CVE-2021-24869 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-06-02 | 8.8 High |
| The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber | ||||
| CVE-2021-24433 | 1 Yukimichi | 1 Simple Sort&search | 2025-06-02 | 5.4 Medium |
| The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor | ||||
| CVE-2025-30466 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-02 | 9.8 Critical |
| This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy. | ||||
| CVE-2025-31189 | 1 Apple | 1 Macos | 2025-06-02 | 8.2 High |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. | ||||
| CVE-2025-31198 | 1 Apple | 1 Macos | 2025-06-02 | 5.5 Medium |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A path handling issue was addressed with improved validation. | ||||
| CVE-2025-31199 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-02 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. | ||||
| CVE-2025-31231 | 1 Apple | 1 Macos | 2025-06-02 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information. | ||||
| CVE-2025-31261 | 1 Apple | 1 Macos | 2025-06-02 | 5.5 Medium |
| A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. | ||||
| CVE-2025-31263 | 1 Apple | 1 Macos | 2025-06-02 | 9.1 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory. | ||||
| CVE-2025-31264 | 1 Apple | 1 Macos | 2025-06-02 | 4.6 Medium |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2024-35753 | 1 Templatesnext | 1 Onepager | 2025-06-02 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext OnePager allows Stored XSS. This issue affects TemplatesNext OnePager: from n/a through 1.3.3. | ||||