Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47073 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2025-06-24 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-35941 | 1 Myscada | 1 Mypro | 2025-06-24 | 5.5 Medium |
| A password is exposed locally. | ||||
| CVE-2025-47071 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2025-06-24 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-49241 | 1 Bobbingwide | 1 Oik | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in bobbingwide oik allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects oik: from n/a through 4.15.1. | ||||
| CVE-2025-47077 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2025-06-24 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-7457 | 2 Apple, Stash | 2 Macos, Stash | 2025-06-24 | 7.8 High |
| The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection. | ||||
| CVE-2025-39355 | 1 Roninwp | 1 Fat Services Booking | 2025-06-24 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in roninwp FAT Services Booking allows SQL Injection. This issue affects FAT Services Booking: from n/a through 5.6. | ||||
| CVE-2025-39407 | 1 Caseproof | 1 Memberpress | 2025-06-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS. This issue affects Memberpress: from n/a before 1.12.0. | ||||
| CVE-2025-39444 | 1 Maxfoundry | 1 Maxbuttons | 2025-06-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxfoundry MaxButtons allows Stored XSS. This issue affects MaxButtons: from n/a through 9.8.3. | ||||
| CVE-2025-39447 | 1 Crocoblock | 1 Jetelements For Elementor | 2025-06-24 | 7.5 High |
| Missing Authorization vulnerability in Crocoblock JetElements For Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | ||||
| CVE-2025-39448 | 1 Crocoblock | 1 Jetelements For Elementor | 2025-06-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.4.1. | ||||
| CVE-2025-39452 | 1 Themewinter | 1 Wpcafe | 2025-06-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32. | ||||
| CVE-2025-39460 | 1 Thimpress | 1 Eduma | 2025-06-24 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eduma: from n/a through 5.6.4. | ||||
| CVE-2025-39511 | 1 Valvepress | 1 Pinterest Automatic Pin | 2025-06-24 | 4.3 Medium |
| Missing Authorization vulnerability in ValvePress Pinterest Automatic Pin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinterest Automatic Pin: from n/a through 4.18.2. | ||||
| CVE-2025-39514 | 1 Asgaros | 1 Asgaros Forum | 2025-06-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asgaros Asgaros Forum allows Stored XSS. This issue affects Asgaros Forum: from n/a through 3.0.0. | ||||
| CVE-2025-39524 | 1 Bplugins | 1 Html5 Audio Player | 2025-06-24 | 6.5 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.28. | ||||
| CVE-2025-39526 | 1 Nicdark | 1 Hotel Booking | 2025-06-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6. | ||||
| CVE-2025-39545 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2025-06-24 | 5.4 Medium |
| Missing Authorization vulnerability in miniOrange WordPress REST API Authentication allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress REST API Authentication: from n/a through 3.6.3. | ||||
| CVE-2025-39549 | 1 Whiletrue | 1 Most And Least Read Posts Widget | 2025-06-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in whiletrue Most And Least Read Posts Widget allows Stored XSS. This issue affects Most And Least Read Posts Widget: from n/a through 2.5.20. | ||||
| CVE-2025-39556 | 1 Mediavine | 1 Mediavine Control Panel | 2025-06-24 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel allows Retrieve Embedded Sensitive Data. This issue affects Mediavine Control Panel: from n/a through 2.10.6. | ||||