Export limit exceeded: 11174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0489 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-05 | 6.3 Medium |
| A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0488 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-05 | 6.3 Medium |
| A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10638 | 1 Acowebs | 1 Product Labels For Woocommerce \(sale Badges\) | 2025-05-05 | 4.1 Medium |
| The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-13095 | 1 Wptriggers | 1 Wp Triggers Lite | 2025-05-05 | 4.8 Medium |
| The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | ||||
| CVE-2024-0365 | 1 Radykal | 1 Fancy Product Designer | 2025-05-05 | 6.5 Medium |
| The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators. | ||||
| CVE-2025-47240 | 2025-05-05 | N/A | ||
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2023-5174 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-05-05 | 9.8 Critical |
| If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2023-53076 | 2025-05-05 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-42852 | 4 Apple, Debian, Fedoraproject and 1 more | 14 Ipados, Iphone Os, Macos and 11 more | 2025-05-05 | 8.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-40125 | 1 Google | 1 Android | 2025-05-05 | 7.8 High |
| In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40120 | 1 Google | 1 Android | 2025-05-05 | 7.8 High |
| In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40116 | 1 Google | 1 Android | 2025-05-05 | 7.8 High |
| In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21266 | 1 Google | 1 Android | 2025-05-05 | 7.8 High |
| In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-44542 | 1 Lesspipe Project | 1 Lesspipe | 2025-05-05 | 9.8 Critical |
| lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. | ||||
| CVE-2022-43990 | 1 Sick | 2 Sim1012-0p0g200, Sim1012-0p0g200 Firmware | 2025-05-05 | 7.3 High |
| Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version <2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 2.2.0 as soon as possible (available in SICK Support Portal). | ||||
| CVE-2022-43989 | 1 Sick | 4 Sim2000-2p04g10, Sim2000-2p04g10 Firmware, Sim2500-2p03g10 and 1 more | 2025-05-05 | 7.3 High |
| Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version < 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible (available in SICK Support Portal). | ||||
| CVE-2022-43362 | 1 Slims | 1 Senayan Library Management System | 2025-05-05 | 7.2 High |
| Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php. | ||||
| CVE-2022-43361 | 1 Slims | 1 Senayan Library Management System | 2025-05-05 | 4.8 Medium |
| Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the component pop_chart.php. | ||||
| CVE-2022-43241 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | 6.5 Medium |
| Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | ||||
| CVE-2022-43240 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2025-05-05 | 6.5 Medium |
| Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file. | ||||