Search Results (338004 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10554 | 1 Internet-formation | 1 Wp-advanced-search | 2025-05-15 | 3.5 Low |
| The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-42080 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. | ||||
| CVE-2022-42079 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-05-15 | 7.5 High |
| Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. | ||||
| CVE-2022-42078 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-05-15 | 6.5 Medium |
| Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. | ||||
| CVE-2022-42077 | 1 Tenda | 2 Ac1206, Ac1206 Firmware | 2025-05-15 | 6.5 Medium |
| Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||||
| CVE-2022-41403 | 1 Newsletter Subscribe (popup + Regular Module) Project | 1 Newsletter Subscribe (popup + Regular Module) | 2025-05-15 | 9.8 Critical |
| OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter. | ||||
| CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2025-05-15 | 5.5 Medium |
| IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | ||||
| CVE-2022-28887 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Elements Endpoint Detection And Response and 5 more | 2025-05-15 | 4.3 Medium |
| Multiple Denial-of-Service (DoS) vulnerabilities were discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash. | ||||
| CVE-2022-25665 | 1 Qualcomm | 168 Aqt1000, Aqt1000 Firmware, Ar8035 and 165 more | 2025-05-15 | 6.8 Medium |
| Information disclosure due to buffer over read in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile | ||||
| CVE-2022-25664 | 1 Qualcomm | 220 Apq8009, Apq8009 Firmware, Apq8052 and 217 more | 2025-05-15 | 6.2 Medium |
| Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2022-25663 | 1 Qualcomm | 62 Aqt1000, Aqt1000 Firmware, Qca1062 and 59 more | 2025-05-15 | 5.5 Medium |
| Possible buffer overflow due to lack of buffer length check during management frame Rx handling leads to denial of service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity | ||||
| CVE-2022-25662 | 1 Qualcomm | 156 Apq8096au, Apq8096au Firmware, Msm8996au and 153 more | 2025-05-15 | 5.3 Medium |
| Information disclosure due to untrusted pointer dereference in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2022-22077 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2025-05-15 | 8.4 High |
| Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile | ||||
| CVE-2021-36369 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2025-05-15 | 7.5 High |
| An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed. | ||||
| CVE-2024-10703 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2025-05-15 | 6.1 Medium |
| The Registrations for the Events Calendar WordPress plugin before 2.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11272 | 1 Wpforms | 1 Pirate Forms | 2025-05-15 | 6.1 Medium |
| The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-11273 | 1 Wpforms | 1 Contact Form | 2025-05-15 | 6.1 Medium |
| The Contact Form & SMTP Plugin for WordPress by PirateForms WordPress plugin before 2.6.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-6024 | 1 Adamsolymosi | 1 Contentlock | 2025-05-15 | 8.8 High |
| The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack. | ||||
| CVE-2024-3026 | 1 Maxfoundry | 1 Maxbuttons | 2025-05-15 | 5.4 Medium |
| The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks | ||||
| CVE-2021-36201 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2025-05-15 | 4.3 Medium |
| Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | ||||