Export limit exceeded: 10114 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338064 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3150 | 1 Wp Custom Cursors Project | 1 Wp Custom Cursors | 2025-05-14 | 7.2 High |
| The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privileged users such as admin | ||||
| CVE-2024-3239 | 1 Wpxpo | 1 Postx | 2025-05-14 | 5.4 Medium |
| The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-3582 | 2 Markreynolds, Mmond | 2 Ungallery, Ungallery | 2025-05-14 | 4.8 Medium |
| The UnGallery WordPress plugin through 2.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-3590 | 1 Themeqx | 1 Letterpress | 2025-05-14 | 6.1 Medium |
| The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers | ||||
| CVE-2024-3903 | 1 Technologicx | 1 Add Custom Css And Js | 2025-05-14 | 7.1 High |
| The Add Custom CSS and JS WordPress plugin through 1.20 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in as author and above add Stored XSS payloads via a CSRF attack | ||||
| CVE-2025-22222 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.7 High |
| VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. | ||||
| CVE-2024-3241 | 1 Dotcamp | 1 Ultimate Blocks | 2025-05-14 | 5.4 Medium |
| The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2025-22221 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 5.2 Medium |
| VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | ||||
| CVE-2025-22219 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 6.8 Medium |
| VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user. | ||||
| CVE-2025-22218 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 8.5 High |
| VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs | ||||
| CVE-2024-38830 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.8 High |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | ||||
| CVE-2024-38831 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.8 High |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. | ||||
| CVE-2024-10555 | 1 Maxfoundry | 1 Maxbuttons | 2025-05-14 | 4.8 Medium |
| The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-2673 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-38832 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.1 High |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||||
| CVE-2024-38833 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 6.8 Medium |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||||
| CVE-2024-38834 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 6.5 Medium |
| VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | ||||
| CVE-2025-2672 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation of the argument bir leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-11108 | 1 Cryoutcreations | 1 Serious Slider | 2025-05-14 | 5.4 Medium |
| The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2025-2984 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 6.3 Medium |
| A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of the argument emp_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||