Export limit exceeded: 334946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43364 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2025-05-12 | 7.5 High |
| An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. | ||||
| CVE-2022-43340 | 1 Dzzoffice | 1 Dzzoffice | 2025-05-12 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users. | ||||
| CVE-2022-42993 | 1 Password Storage Application Project | 1 Password Storage Application | 2025-05-12 | 5.4 Medium |
| Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. | ||||
| CVE-2021-37782 | 1 Phpgurukul | 1 Employee Record Management System | 2025-05-12 | 9.8 Critical |
| Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | ||||
| CVE-2025-47548 | 1 Wbcomdesigns | 1 Activity Link Preview For Buddypress | 2025-05-12 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Varun Dubey Wbcom Designs - Activity Link Preview For BuddyPress allows Server Side Request Forgery. This issue affects Wbcom Designs - Activity Link Preview For BuddyPress: from n/a through 1.4.4. | ||||
| CVE-2025-47549 | 1 Themefic | 1 Ultimate Before After Image Slider \& Gallery | 2025-05-12 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10. | ||||
| CVE-2025-47550 | 1 Themefic | 1 Instantio | 2025-05-12 | 6.6 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16. | ||||
| CVE-2025-47623 | 1 Wpplugin | 1 Easy Paypal \& Stripe Buy Now Button | 2025-05-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Easy PayPal Buy Now Button allows Stored XSS. This issue affects Easy PayPal Buy Now Button: from n/a through 2.0. | ||||
| CVE-2025-47624 | 1 Apasionados | 1 Dofollow Case By Case | 2025-05-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in apasionados DoFollow Case by Case allows Cross Site Request Forgery. This issue affects DoFollow Case by Case: from n/a through 3.5.1. | ||||
| CVE-2025-47625 | 1 Apasionados | 1 Dofollow Case By Case | 2025-05-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados DoFollow Case by Case allows Stored XSS. This issue affects DoFollow Case by Case: from n/a through 3.5.1. | ||||
| CVE-2025-47626 | 1 Apasionados | 1 Submission Dom Tracking For Contact Form 7 | 2025-05-12 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through 2.0. | ||||
| CVE-2025-47628 | 1 Quomodosoft | 1 Qs Dark Mode | 2025-05-12 | 5.4 Medium |
| Missing Authorization vulnerability in quomodosoft QS Dark Mode allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QS Dark Mode: from n/a through 3.0. | ||||
| CVE-2021-47304 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug (found by syzkaller) that could cause spurious double-initializations for congestion control modules, which could cause memory leaks or other problems for congestion control modules (like CDG) that allocate memory in their init functions. The buggy scenario constructed by syzkaller was something like: (1) create a TCP socket (2) initiate a TFO connect via sendto() (3) while socket is in TCP_SYN_SENT, call setsockopt(TCP_CONGESTION), which calls: tcp_set_congestion_control() -> tcp_reinit_congestion_control() -> tcp_init_congestion_control() (4) receive ACK, connection is established, call tcp_init_transfer(), set icsk_ca_initialized=0 (without first calling cc->release()), call tcp_init_congestion_control() again. Note that in this sequence tcp_init_congestion_control() is called twice without a cc->release() call in between. Thus, for CC modules that allocate memory in their init() function, e.g, CDG, a memory leak may occur. The syzkaller tool managed to find a reproducer that triggered such a leak in CDG. The bug was introduced when that commit 8919a9b31eb4 ("tcp: Only init congestion control if not initialized already") introduced icsk_ca_initialized and set icsk_ca_initialized to 0 in tcp_init_transfer(), missing the possibility for a sequence like the one above, where a process could call setsockopt(TCP_CONGESTION) in state TCP_SYN_SENT (i.e. after the connect() or TFO open sendmsg()), which would call tcp_init_congestion_control(). It did not intend to reset any initialization that the user had already explicitly made; it just missed the possibility of that particular sequence (which syzkaller managed to find). | ||||
| CVE-2021-47305 | 1 Linux | 1 Linux Kernel | 2025-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dma-buf/sync_file: Don't leak fences on merge failure Each add_fence() call does a dma_fence_get() on the relevant fence. In the error path, we weren't calling dma_fence_put() so all those fences got leaked. Also, in the krealloc_array failure case, we weren't freeing the fences array. Instead, ensure that i and fences are always zero-initialized and dma_fence_put() all the fences and kfree(fences) on every error path. | ||||
| CVE-2021-47315 | 1 Linux | 1 Linux Kernel | 2025-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298. | ||||
| CVE-2025-47630 | 1 Connekthq | 1 Ajax Load More | 2025-05-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney Ajax Load More allows Stored XSS. This issue affects Ajax Load More: from n/a through 7.3.1. | ||||
| CVE-2025-47632 | 1 Raihancse | 1 Awesome Gallery | 2025-05-12 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raihanul Islam Awesome Gallery allows Stored XSS. This issue affects Awesome Gallery: from n/a through 1.0. | ||||
| CVE-2021-47322 | 1 Linux | 1 Linux Kernel | 2025-05-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix an Oops in pnfs_mark_request_commit() when doing O_DIRECT Fix an Oopsable condition in pnfs_mark_request_commit() when we're putting a set of writes on the commit list to reschedule them after a failed pNFS attempt. | ||||
| CVE-2021-47317 | 1 Linux | 1 Linux Kernel | 2025-05-12 | 3.3 Low |
| In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: Fix detecting BPF atomic instructions Commit 91c960b0056672 ("bpf: Rename BPF_XADD and prepare to encode other atomics in .imm") converted BPF_XADD to BPF_ATOMIC and added a way to distinguish instructions based on the immediate field. Existing JIT implementations were updated to check for the immediate field and to reject programs utilizing anything more than BPF_ADD (such as BPF_FETCH) in the immediate field. However, the check added to powerpc64 JIT did not look at the correct BPF instruction. Due to this, such programs would be accepted and incorrectly JIT'ed resulting in soft lockups, as seen with the atomic bounds test. Fix this by looking at the correct immediate value. | ||||
| CVE-2025-47633 | 1 Awin | 1 Awin - Advertiser Tracking For Woocommerce | 2025-05-12 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Awin Awin – Advertiser Tracking for WooCommerce allows Cross Site Request Forgery. This issue affects Awin – Advertiser Tracking for WooCommerce: from n/a through 2.0.0. | ||||