Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2512 | 1 File Away Project | 1 File Away | 2025-08-11 | 9.8 Critical |
| The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-26530 | 1 Moodle | 1 Moodle | 2025-08-11 | 8.3 High |
| The question bank filter required additional sanitizing to prevent a reflected XSS risk. | ||||
| CVE-2025-24936 | 1 Nokia | 1 Wavesuite Noc | 2025-08-11 | 9 Critical |
| The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver. | ||||
| CVE-2025-24937 | 1 Nokia | 1 Wavesuite Noc | 2025-08-11 | 9 Critical |
| File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server. | ||||
| CVE-2025-24938 | 1 Nokia | 1 Wavesuite Noc | 2025-08-11 | 8.4 High |
| The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management. | ||||
| CVE-2023-41532 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 8.8 High |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php. | ||||
| CVE-2023-41529 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 6.1 Medium |
| Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters. | ||||
| CVE-2023-41527 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php. | ||||
| CVE-2023-40992 | 1 Kishan0725 | 1 Hospital Management System | 2025-08-11 | 6.5 Medium |
| Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter. | ||||
| CVE-2024-4445 | 1 Wpcompress | 1 Wp Compress | 2025-08-11 | 6.5 Medium |
| The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the several functions in versions up to, and including, 6.20.01. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to edit plugin settings, including storing cross-site scripting, in multisite environments. | ||||
| CVE-2024-37119 | 1 Uncannyowl | 1 Uncanny Automator | 2025-08-11 | 5.3 Medium |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator Pro: from n/a through 5.3.0.0. | ||||
| CVE-2024-37470 | 2 Wofficeio, Xtendify | 2 Woffice Core, Woffice | 2025-08-11 | 8.2 High |
| Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8. | ||||
| CVE-2024-20351 | 1 Cisco | 1 Firepower Threat Defense Software | 2025-08-11 | 8.6 High |
| A vulnerability in the TCP/IP traffic handling function of the Snort Detection Engine of Cisco Firepower Threat Defense (FTD) Software and Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause legitimate network traffic to be dropped, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of TCP/IP network traffic. An attacker could exploit this vulnerability by sending a large amount of TCP/IP network traffic through the affected device. A successful exploit could allow the attacker to cause the Cisco FTD device to drop network traffic, resulting in a DoS condition. The affected device must be rebooted to resolve the DoS condition. | ||||
| CVE-2023-25613 | 1 Apache | 1 Kerby Ldap Backend | 2025-08-11 | 9.8 Critical |
| An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | ||||
| CVE-2024-20342 | 1 Cisco | 2 Firepower Threat Defense Software, Snort | 2025-08-11 | 5.8 Medium |
| Multiple Cisco products are affected by a vulnerability in the rate filtering feature of the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured rate limiting filter. This vulnerability is due to an incorrect connection count comparison. An attacker could exploit this vulnerability by sending traffic through an affected device at a rate that exceeds a configured rate filter. A successful exploit could allow the attacker to successfully bypass the rate filter. This could allow unintended traffic to enter the network protected by the affected device. | ||||
| CVE-2024-12267 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-11 | 5.3 Medium |
| The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible. | ||||
| CVE-2025-2331 | 1 Givewp | 1 Givewp | 2025-08-11 | 5.3 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including reports detailing donors and donation amounts. | ||||
| CVE-2025-1320 | 1 Mtrv | 1 Teachpress | 2025-08-11 | 4.3 Medium |
| The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-2530 | 1 Luxion | 1 Keyshot | 2025-08-11 | N/A |
| Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dae files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23698. | ||||
| CVE-2025-2531 | 1 Luxion | 1 Keyshot | 2025-08-11 | N/A |
| Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dae files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23704. | ||||