Search Results (334984 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42218 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2025-05-13 | 7.2 High |
| Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php. | ||||
| CVE-2022-42202 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-05-13 | 6.1 Medium |
| TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2025-05-13 | 7.5 High |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | ||||
| CVE-2022-42165 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-05-13 | 9.8 Critical |
| Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName. | ||||
| CVE-2022-42116 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-13 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter. | ||||
| CVE-2022-42115 | 1 Liferay | 1 Liferay Portal | 2025-05-13 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field. | ||||
| CVE-2022-40889 | 1 Phpok | 1 Phpok | 2025-05-13 | 9.8 Critical |
| Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php. | ||||
| CVE-2022-3569 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-05-13 | 7.8 High |
| Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | ||||
| CVE-2022-39198 | 1 Apache | 1 Dubbo | 2025-05-13 | 9.8 Critical |
| A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version 3.1.0 and prior versions. | ||||
| CVE-2022-38743 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2025-05-13 | 8.8 High |
| Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. | ||||
| CVE-2022-36439 | 1 Asus | 3 Asusliveupdate, Asussoftwaremanger, System Control Interface | 2025-05-13 | 6 Medium |
| AsusSoftwareManager.exe in ASUS System Control Interface on ASUS personal computers (running Windows) allows a local user to write into the Temp directory and delete another more privileged file via SYSTEM privileges. This affects ASUS System Control Interface 3 before 3.1.5.0, AsusSoftwareManger.exe before 1.0.53.0, and AsusLiveUpdate.dll before 1.0.45.0. | ||||
| CVE-2022-36438 | 1 Asus | 2 Asusswitch, System Control Interface | 2025-05-13 | 7.8 High |
| AsusSwitch.exe on ASUS personal computers (running Windows) sets weak file permissions, leading to local privilege escalation (this also can be used to delete files within the system arbitrarily). This affects ASUS System Control Interface 3 before 3.1.5.0, and AsusSwitch.exe before 1.0.10.0. | ||||
| CVE-2021-3305 | 1 Feishu | 1 Feishu | 2025-05-13 | 7.8 High |
| Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path vulnerability. | ||||
| CVE-2020-15853 | 1 Fedoraproject | 1 Supybot-fedora | 2025-05-13 | 5.3 Medium |
| supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS. This takes quite a while to run, and zodbot stops responding to requests during this time. | ||||
| CVE-2025-31103 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | 7.5 High |
| Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server. | ||||
| CVE-2024-27279 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | 6.5 Medium |
| Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files. | ||||
| CVE-2025-32970 | 1 Xwiki | 1 Xwiki | 2025-05-13 | 6.1 Medium |
| XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0. | ||||
| CVE-2024-25559 | 1 Appleple | 1 A-blog Cms | 2025-05-13 | 4.7 Medium |
| URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log. | ||||
| CVE-2023-51398 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 8.8 High |
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation. This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. | ||||
| CVE-2024-3710 | 1 Wpchill | 1 Image Photo Gallery Final Tiles Grid | 2025-05-13 | 6.8 Medium |
| The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | ||||