Export limit exceeded: 335343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335343 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1959 | 1 Spsoftmobile | 1 Applock | 2025-05-20 | 6.6 Medium |
| AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations. | ||||
| CVE-2022-36323 | 1 Siemens | 180 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 177 more | 2025-05-20 | 9.1 Critical |
| Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. | ||||
| CVE-2024-37131 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 7.5 High |
| SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user. | ||||
| CVE-2024-24903 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 8 High |
| Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change. | ||||
| CVE-2024-24904 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 7.6 High |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2024-24906 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 7.6 High |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2024-24900 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 5.8 Medium |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system. | ||||
| CVE-2024-24905 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 7.6 High |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2024-24907 | 1 Dell | 1 Policy Manager For Secure Connect Gateway | 2025-05-20 | 7.6 High |
| Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2024-5713 | 1 If-so | 1 If-so | 2025-05-20 | 5.4 Medium |
| The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | ||||
| CVE-2024-5715 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-20 | 7.1 High |
| The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-6231 | 1 Emarketdesign | 1 Request A Quote | 2025-05-20 | 5.9 Medium |
| The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-4724 | 1 Soflyy | 2 Export Any Wordpress Data To Xml\/csv, Wp All Export | 2025-05-20 | 7.2 High |
| The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server | ||||
| CVE-2022-41406 | 1 Church Management System Project | 1 Church Management System | 2025-05-20 | 7.2 High |
| An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-41191 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-05-20 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-40931 | 1 Dutchcoders | 1 Transfer.sh | 2025-05-20 | 6.1 Medium |
| dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-39168 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Robotic Process Automation For Services | 2025-05-20 | 7.5 High |
| IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. | ||||
| CVE-2022-38732 | 1 Netapp | 1 Snapcenter | 2025-05-20 | 7.5 High |
| SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. | ||||
| CVE-2019-1105 | 1 Microsoft | 1 Outlook | 2025-05-20 | N/A |
| A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages. | ||||
| CVE-2019-1081 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2025-05-20 | 4.2 Medium |
| An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory. | ||||