Export limit exceeded: 335127 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335127 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0423 | 1 Codeastro | 1 Online Food Ordering System | 2025-05-14 | 3.5 Low |
| A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-29400 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | 7.5 High |
| An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. | ||||
| CVE-2024-2907 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2025-05-14 | 6.8 Medium |
| The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-3048 | 1 Web Lid | 1 Bannerlid | 2025-05-14 | 5.5 Medium |
| The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators | ||||
| CVE-2024-3188 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2025-05-14 | 6.3 Medium |
| The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2025-2170 | 1 Sonicwall | 2 Sma1000, Sma1000 Firmware | 2025-05-14 | 7.2 High |
| A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. | ||||
| CVE-2022-3151 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2025-05-14 | 4.3 Medium |
| The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack. | ||||
| CVE-2022-3150 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2025-05-14 | 7.2 High |
| The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin | ||||
| CVE-2024-3239 | 1 Wpxpo | 1 Postx | 2025-05-14 | 5.4 Medium |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-3582 | 2 Markreynolds, Mmond | 2 Ungallery, Ungallery | 2025-05-14 | 4.8 Medium |
| The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-3590 | 1 Themeqx | 1 Letterpress | 2025-05-14 | 6.1 Medium |
| The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers | ||||
| CVE-2024-3903 | 1 Technologicx | 1 Add Custom Css And Js | 2025-05-14 | 7.1 High |
| The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack | ||||
| CVE-2025-22222 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.7 High |
| VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. | ||||
| CVE-2024-3241 | 1 Dotcamp | 1 Ultimate Blocks | 2025-05-14 | 5.4 Medium |
| The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2025-22221 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 5.2 Medium |
| VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | ||||
| CVE-2025-22219 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 6.8 Medium |
| VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user. | ||||
| CVE-2025-22218 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 8.5 High |
| VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs | ||||
| CVE-2024-38830 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.8 High |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | ||||
| CVE-2024-38831 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.8 High |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. | ||||
| CVE-2024-10555 | 1 Maxfoundry | 1 Maxbuttons | 2025-05-14 | 4.8 Medium |
| The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||