Search Results (341057 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34007 | 1 Moodle | 1 Moodle | 2025-05-30 | 8.8 High |
| The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF. | ||||
| CVE-2024-34006 | 1 Moodle | 1 Moodle | 2025-05-30 | 4.3 Medium |
| The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered. | ||||
| CVE-2024-34001 | 1 Moodle | 1 Moodle | 2025-05-30 | 8.4 High |
| Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2024-34000 | 1 Moodle | 1 Moodle | 2025-05-30 | 4.3 Medium |
| ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2024-33999 | 1 Moodle | 1 Moodle | 2025-05-30 | 9.8 Critical |
| The referrer URL used by MFA required additional sanitizing, rather than being used directly. | ||||
| CVE-2024-33998 | 1 Moodle | 1 Moodle | 2025-05-30 | 5.4 Medium |
| Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | ||||
| CVE-2019-25071 | 1 Apple | 1 Iphone Os | 2025-05-30 | 6.3 Medium |
| A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims, that after examining the report they do not see any actual security implications. | ||||
| CVE-2024-33997 | 1 Moodle | 1 Moodle | 2025-05-30 | 6.1 Medium |
| Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. | ||||
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2025-05-30 | 6.2 Medium |
| Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to. | ||||
| CVE-2023-30309 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-30 | 5.7 Medium |
| An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2025-5190 | | | 2025-05-30 | 8.8 High |
| The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id. | ||||
| CVE-2025-4944 | | | 2025-05-30 | 6.4 Medium |
| The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-48491 | | | 2025-05-30 | N/A |
| Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version. | ||||
| CVE-2025-48490 | | | 2025-05-30 | N/A |
| Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0. | ||||
| CVE-2025-4659 | | | 2025-05-30 | 5.3 Medium |
| The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2025-4636 | | | 2025-05-30 | 7.8 High |
| Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to privilege escalate to the root user. | ||||
| CVE-2025-4635 | | | 2025-05-30 | 6.6 Medium |
| A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as a low privileged user. | ||||
| CVE-2025-4634 | | | 2025-05-30 | 4.1 Medium |
| The web portal on airpointer 2.4.107-2 was vulnerable to local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem. | ||||
| CVE-2025-4597 | | | 2025-05-30 | 6.5 Medium |
| The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | ||||
| CVE-2025-41235 | | | 2025-05-30 | 8.6 High |
| Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies. | ||||