Export limit exceeded: 336559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336559 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37227 | 1 Loftware | 1 Spectrum | 2025-05-29 | 9.8 Critical |
| Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. | ||||
| CVE-2023-37231 | 1 Loftware | 1 Spectrum | 2025-05-29 | 9.8 Critical |
| Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. | ||||
| CVE-2023-43953 | 1 Sscms | 1 Sscms | 2025-05-29 | 5.4 Medium |
| SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | ||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | 9.8 Critical |
| An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | ||||
| CVE-2024-51108 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-29 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. | ||||
| CVE-2024-51107 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-29 | 4.8 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. | ||||
| CVE-2024-51101 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-05-29 | 9.8 Critical |
| PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. | ||||
| CVE-2024-48702 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-05-29 | 5.4 Medium |
| PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. | ||||
| CVE-2024-24140 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-29 | 7.2 High |
| Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' | ||||
| CVE-2024-24134 | 1 Remyandrade | 1 Online Food Menu | 2025-05-29 | 4.8 Medium |
| Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section. | ||||
| CVE-2024-23739 | 2 Apple, Discord | 2 Macos, Discord | 2025-05-29 | 9.8 Critical |
| An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | ||||
| CVE-2024-22639 | 1 Igalerie | 1 Igalerie | 2025-05-29 | 6.1 Medium |
| iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface. | ||||
| CVE-2024-22559 | 1 Lightcms Project | 1 Lightcms | 2025-05-29 | 5.4 Medium |
| LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field. | ||||
| CVE-2024-22551 | 1 Ushainformatique | 1 Whatacart | 2025-05-29 | 6.1 Medium |
| WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search. | ||||
| CVE-2024-22545 | 1 Trendnet | 2 Tew-824dru, Tew-824dru Firmware | 2025-05-29 | 7.8 High |
| An issue was discovered in TRENDnet TEW-824DRU version 1.04b01, allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely. | ||||
| CVE-2024-20253 | 1 Cisco | 5 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unified Contact Center Express and 2 more | 2025-05-29 | 9.9 Critical |
| A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. | ||||
| CVE-2024-0824 | 1 Devscred | 1 Exclusive Addons For Elementor | 2025-05-29 | 6.4 Medium |
| The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-0625 | 1 Wpfront | 1 Wpfront Notification Bar | 2025-05-29 | 4.4 Medium |
| The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2023-7199 | 1 Relevanssi | 1 Relevanssi | 2025-05-29 | 5.3 Medium |
| The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | ||||
| CVE-2023-6530 | 1 Theme-junkie | 1 Tj Shortcodes | 2025-05-29 | 5.4 Medium |
| The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||