Search Results (341140 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42041 | 1 Democritus | 1 D8s-file-system | 2025-05-19 | 9.8 Critical |
| The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | ||||
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2025-05-19 | 9.8 Critical |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2025-05-19 | 9.8 Critical |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2025-05-19 | 9.8 Critical |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | ||||
| CVE-2022-41530 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2025-05-19 | 7.2 High |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower. | ||||
| CVE-2022-41408 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-19 | 9.8 Critical |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | ||||
| CVE-2022-41407 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-19 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order. | ||||
| CVE-2024-4757 | 1 Wp-master | 1 Logo Manager For Enamad | 2025-05-19 | 8.1 High |
| The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-4900 | 1 Seopress | 1 Seopress | 2025-05-19 | 6.1 Medium |
| The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post | ||||
| CVE-2024-4899 | 1 Seopress | 1 Seopress | 2025-05-19 | 5.0 Medium |
| The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-5522 | 1 Bplugins | 1 Html5 Video Player | 2025-05-19 | 6.5 Medium |
| The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | ||||
| CVE-2024-5573 | 1 Magazine3 | 1 Easy Table Of Contents | 2025-05-19 | 5.9 Medium |
| The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-5473 | 1 Zitscher | 1 Simple Photoswipe | 2025-05-19 | 4.0 Medium |
| The Simple Photoswipe WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-5071 | 1 Wpbookster | 1 Bookster | 2025-05-19 | 6.5 Medium |
| The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment (the request body) to change its status from pending to approved. | ||||
| CVE-2024-3633 | 1 Rezakhan995 | 1 Webp & Svg Support | 2025-05-19 | 5.4 Medium |
| The WebP & SVG Support WordPress plugin through 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2024-4759 | 1 Staude | 1 Mime Types Extended | 2025-05-19 | 5.5 Medium |
| The Mime Types Extended WordPress plugin through 0.11 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2024-5730 | 2 Mahype, Svenwagener | 2 Pagerank Tools, Pagerank Tools | 2025-05-19 | 6.1 Medium |
| The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5729 | 1 Alexdtn | 1 Simple Al Slider | 2025-05-19 | 6.1 Medium |
| The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5728 | 1 Alexdtn | 1 Animated Al List | 2025-05-19 | 5.4 Medium |
| The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5727 | 1 Apidaze | 1 Widget4call | 2025-05-19 | 4.7 Medium |
| The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||