Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5374 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This issue affects some unknown processing of the file /admin/all-applications.php. The manipulation of the argument del leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32229 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.4 High |
| FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||||
| CVE-2025-5375 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in PHPGurukul HPGurukul Online Birth Certificate System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/registered-users.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-43843 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-06-03 | 7.3 High |
| Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request. | ||||
| CVE-2023-43842 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-06-03 | 7.3 High |
| Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request. | ||||
| CVE-2024-23059 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | ||||
| CVE-2024-22942 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | ||||
| CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2025-06-03 | 4.3 Medium |
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | ||||
| CVE-2024-21773 | 1 Tp-link | 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more | 2025-06-03 | 8.8 High |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | ||||
| CVE-2024-21732 | 1 Flycms Project | 1 Flycms | 2025-06-03 | 6.1 Medium |
| FlyCms through abbaa5a allows XSS via the permission management feature. | ||||
| CVE-2024-20805 | 1 Samsung | 2 Android, Myfiles | 2025-06-03 | 3.3 Low |
| Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | ||||
| CVE-2024-0333 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-03 | 5.3 Medium |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-6984 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2025-06-03 | 5.3 Medium |
| The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6830 | 1 Strategy11 | 1 Formidable Form Builder | 2025-06-03 | 6.5 Medium |
| The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites. | ||||
| CVE-2023-6600 | 1 Daan | 1 Omgf | 2025-06-03 | 8.6 High |
| The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. PLease note there were several attempted patched, and we consider 5.7.10 to be the most sufficiently patched. | ||||
| CVE-2023-6551 | 1 Verot | 1 Class.upload.php | 2025-06-03 | 5.4 Medium |
| As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. | ||||
| CVE-2023-6528 | 1 Themepunch | 1 Slider Revolution | 2025-06-03 | 8.8 High |
| The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. | ||||
| CVE-2023-6506 | 1 Wpwhitesecurity | 1 Wp 2fa | 2025-06-03 | 4.3 Medium |
| The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site. | ||||
| CVE-2023-6223 | 1 Thimpress | 1 Learnpress | 2025-06-03 | 4.3 Medium |
| The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress. | ||||
| CVE-2023-6158 | 1 Myeventon | 2 Eventon, Eventon-lite | 2025-06-03 | 6.5 Medium |
| The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection. | ||||