Export limit exceeded: 342552 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55123 | 2 Revive, Revive-adserver | 2 Adserver, Revive Adserver | 2025-12-05 | 5.4 Medium |
| Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users. | ||||
| CVE-2017-1000237 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.8 Critical |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | ||||
| CVE-2017-1000236 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 6.1 Medium |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | ||||
| CVE-2017-1000235 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.8 Critical |
| I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | ||||
| CVE-2017-1000234 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 5.3 Medium |
| I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter | ||||
| CVE-2023-3021 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. | ||||
| CVE-2024-40500 | 2 I-librarian, Scilico | 2 I-librarian, I\, Librarian | 2025-12-05 | 8.8 High |
| Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | ||||
| CVE-2025-63681 | 2 Open-webui, Openwebui | 2 Open-webui, Open Webui | 2025-12-05 | 4.3 Medium |
| open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks. | ||||
| CVE-2018-1000141 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.1 Critical |
| I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. | ||||
| CVE-2018-1000139 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 6.1 Medium |
| I, Librarian version 4.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in "id" parameter in stable.php that can result in an attacker using the XSS to send a malicious script to an unsuspecting user. | ||||
| CVE-2018-1000138 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 9.1 Critical |
| I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or update internal resources. | ||||
| CVE-2018-1000137 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 8.8 High |
| I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. | ||||
| CVE-2018-1000124 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 10.0 Critical |
| I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter form_import_textarea. | ||||
| CVE-2012-3842 | 1 Directadmin | 1 Directadmin | 2025-12-05 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. | ||||
| CVE-2025-21080 | 2 Google, Samsung | 4 Android, Android, Dynamic Lockscreen and 1 more | 2025-12-05 | 6.2 Medium |
| Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege. | ||||
| CVE-2025-4523 | 2 Themeatelier, Wordpress | 2 Idonate, Wordpress | 2025-12-05 | 6.5 Medium |
| The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the admin_donor_profile_view() function in versions 2.0.0 to 2.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose an administrator’s username, email address, and all donor fields. | ||||
| CVE-2024-2873 | 1 Wolfssh | 1 Wolfssh | 2025-12-05 | 9.1 Critical |
| A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access. | ||||
| CVE-2024-8964 | 1 Sirv | 1 Sirv | 2025-12-05 | 6.4 Medium |
| The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-5853 | 1 Sirv | 2 Image Optimizer\, Resizer And Cdn, Sirv | 2025-12-05 | 9.9 Critical |
| The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the sirv_upload_file_by_chanks AJAX action in all versions up to, and including, 7.2.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-29042 | 2 Francisco, Franciscop | 2 Translate, Translate | 2025-12-05 | 5.3 Medium |
| Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue. | ||||