Export limit exceeded: 336619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22497 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-05-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL. | ||||
| CVE-2024-0814 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-30 | 6.5 Medium |
| Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-0812 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-30 | 8.8 High |
| Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0808 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-30 | 9.8 Critical |
| Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | ||||
| CVE-2024-0742 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-30 | 4.3 Medium |
| It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0741 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-30 | 6.5 Medium |
| An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2024-0679 | 1 Themegrill | 1 Colormag | 2025-05-30 | 6.5 Medium |
| The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins. | ||||
| CVE-2023-7194 | 1 Meris Wp Theme Project | 1 Meris Wp Theme | 2025-05-30 | 6.1 Medium |
| The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-7170 | 1 Myeventon | 1 Rsvp Events | 2025-05-30 | 6.1 Medium |
| The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-7063 | 1 Wpforms | 1 Wpforms | 2025-05-30 | 7.2 High |
| The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2023-6626 | 1 Gravitymaster | 1 Product Enquiry For Woocommerce | 2025-05-30 | 4.8 Medium |
| The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-52353 | 1 Arm | 1 Mbed Tls | 2025-05-30 | 7.5 High |
| An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum. | ||||
| CVE-2023-52046 | 1 Webmin | 1 Webmin | 2025-05-30 | 4.8 Medium |
| Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field. | ||||
| CVE-2023-52039 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. | ||||
| CVE-2023-52038 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-05-30 | 9.8 Critical |
| An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. | ||||
| CVE-2023-51926 | 1 Yonyou | 1 Yonbip | 2025-05-30 | 7.5 High |
| YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | ||||
| CVE-2023-51892 | 1 Weaver | 1 E-cology | 2025-05-30 | 9.8 Critical |
| An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | ||||
| CVE-2023-51886 | 1 Ctan | 1 Mathtex | 2025-05-30 | 7.5 High |
| Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. | ||||
| CVE-2023-51885 | 1 Ctan | 1 Mathtex | 2025-05-30 | 9.8 Critical |
| Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. | ||||
| CVE-2023-50943 | 1 Apache | 1 Airflow | 2025-05-30 | 7.5 High |
| Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. | ||||