Export limit exceeded: 338052 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338052 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45861 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-05-15 | 9.8 Critical |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the routername parameter in the formDnsv6 interface. | ||||
| CVE-2025-45865 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-05-15 | 9.8 Critical |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the dnsaddr parameter in the formDhcpv6s interface. | ||||
| CVE-2024-3632 | 1 Codepeople | 1 Smart Image Gallery | 2025-05-15 | 6.8 Medium |
| The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-4269 | 2 Boldblocks, Phiphan | 2 Svg Block, Svg Block | 2025-05-15 | 6.1 Medium |
| The SVG Block WordPress plugin before 1.1.20 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | ||||
| CVE-2024-4272 | 1 Sayedulsayem | 1 Support Svg | 2025-05-15 | 6.1 Medium |
| The Support SVG WordPress plugin before 1.1.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks. | ||||
| CVE-2024-4602 | 1 Info-d-74 | 1 Embed Peertube Playlist | 2025-05-15 | 5.4 Medium |
| The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-4752 | 1 Myeventon | 1 Eventon | 2025-05-15 | 5.9 Medium |
| The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-42901 | 1 Bentley | 2 Microstation, View | 2025-05-15 | 7.8 High |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | ||||
| CVE-2022-42900 | 1 Bentley | 2 Microstation, View | 2025-05-15 | 7.8 High |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | ||||
| CVE-2022-42899 | 1 Bentley | 2 Microstation, View | 2025-05-15 | 7.8 High |
| Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View. | ||||
| CVE-2022-42897 | 1 Arraynetworks | 15 Ag1000, Ag1000t, Ag1000v5 and 12 more | 2025-05-15 | 9.8 Critical |
| Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | ||||
| CVE-2022-42715 | 1 Vanderbilt | 1 Redcap | 2025-05-15 | 6.1 Medium |
| A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. | ||||
| CVE-2022-42711 | 1 Progress | 1 Whatsup Gold | 2025-05-15 | 9.6 Critical |
| In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | ||||
| CVE-2022-42161 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2025-05-15 | 8.8 High |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | ||||
| CVE-2022-42087 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-05-15 | 6.5 Medium |
| Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. | ||||
| CVE-2024-5030 | 2 Cminds, Creativemindssolutions | 2 Cm Table Of Contents, Cm-table-of-content | 2025-05-15 | 3.8 Low |
| The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack | ||||
| CVE-2022-31228 | 1 Dell | 3 Xtremio Management Server, Xtremio X1, Xtremio X2 | 2025-05-15 | 8.1 High |
| Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability. A remote unauthenticated attacker can potentially exploit this vulnerability and gain access to an admin account. | ||||
| CVE-2024-52317 | 1 Apache | 1 Tomcat | 2025-05-15 | 6.5 Medium |
| Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | ||||
| CVE-2022-32487 | 1 Dell | 580 Alienware Area 51m R1, Alienware Area 51m R1 Firmware, Alienware Area 51m R2 and 577 more | 2025-05-15 | 7.5 High |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. | ||||
| CVE-2024-52318 | 1 Apache | 1 Tomcat | 2025-05-15 | 6.1 Medium |
| Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | ||||