Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9107 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=attachment&f=imagecut&v=init&imgurl=[XSS] to coreframe/app/attachment/imagecut.php. | ||||
| CVE-2019-9109 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=message&f=message&v=add&username=[XSS] to coreframe/app/message/message.php. | ||||
| CVE-2019-9110 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php. | ||||
| CVE-2018-18938 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is stored XSS in index.php?m=core&f=index via an ontoggle attribute to details/open/ within a second input field. | ||||
| CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | ||||
| CVE-2018-14512 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 6.1 Medium |
| An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server" screen, the XSS payload is triggered. | ||||
| CVE-2018-10248 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete. | ||||
| CVE-2018-10368 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement. | ||||
| CVE-2018-10367 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section. | ||||
| CVE-2018-10391 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email parameter to the index.php?m=member&v=register URI. | ||||
| CVE-2018-11528 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI. | ||||
| CVE-2018-11549 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring. | ||||
| CVE-2018-10313 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | N/A |
| WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. | ||||
| CVE-2024-1331 | 1 Wpdarko | 1 Team Members | 2025-05-05 | 6.1 Medium |
| The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-1333 | 1 Wpdarko | 1 Responsive Pricing Table | 2025-05-05 | 5.4 Medium |
| The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-1658 | 2 Wordpress, Wpdarko | 2 Grid Shortcodes, Grid Shortcodes | 2025-05-05 | 5.4 Medium |
| The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-7085 | 1 Sterlinghamilton | 1 Scalable Vector Graphics \(svg\) | 2025-05-05 | 5.4 Medium |
| The Scalable Vector Graphics (SVG) WordPress plugin through 3.4 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | ||||
| CVE-2023-7236 | 1 Backupbolt | 1 Backup Bolt | 2025-05-05 | 4.7 Medium |
| The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information. | ||||
| CVE-2024-20019 | 1 Mediatek | 3 Mt7925, Mt7927, Software Package | 2025-05-05 | 5.9 Medium |
| In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173. | ||||
| CVE-2024-28424 | 1 Zenml | 1 Zenml | 2025-05-05 | 8.8 High |
| zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. | ||||