Export limit exceeded: 17153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8241 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2025-05-05 | 4.3 Medium |
| Adobe Media Encoder versions 13.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2024-34244 | 1 Libmodbus | 1 Libmodbus | 2025-05-05 | 7.5 High |
| libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. | ||||
| CVE-2024-2441 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Pms | 2025-05-05 | 8.1 High |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 allows direct access to menus, allowing an authenticated user with subscriber privileges or above, to bypass authorization and access settings of the VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's they shouldn't be allowed to. | ||||
| CVE-2024-2749 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Pms | 2025-05-05 | 5.9 Medium |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations. | ||||
| CVE-2025-27007 | 2025-05-05 | 9.8 Critical | ||
| Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82. | ||||
| CVE-2024-35099 | 1 Totolink | 2 Lr350, Lr350 Firmware | 2025-05-05 | 9.8 Critical |
| TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | ||||
| CVE-2024-3940 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 8.8 High |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-3941 | 1 Bozdoz | 1 Recaptcha Jetpack | 2025-05-05 | 4.7 Medium |
| The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2023-46145 | 1 Themify | 1 Ultra | 2025-05-05 | 8.8 High |
| Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. | ||||
| CVE-2024-4323 | 1 Treasuredata | 1 Fluent Bit | 2025-05-05 | 9.8 Critical |
| A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. | ||||
| CVE-2023-32871 | 5 Google, Linuxfoundation, Mediatek and 2 more | 63 Android, Yocto, Mt2737 and 60 more | 2025-05-05 | 5.3 Medium |
| In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514. | ||||
| CVE-2022-1186 | 1 Web-x | 1 Be Popia Compliant | 2025-05-05 | 5.3 Medium |
| The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users consisting of site visitors emails and usernames via an API route, in versions up to an including 1.1.5. | ||||
| CVE-2021-38324 | 1 Smartypantsplugins | 1 Sp Rental Manager | 2025-05-05 | 8.2 High |
| The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3. | ||||
| CVE-2021-38320 | 1 Simplesamlphp Authentication Project | 1 Simplesamlphp Authentication | 2025-05-05 | 6.1 Medium |
| The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. | ||||
| CVE-2021-38321 | 1 Custom-sub-menus Project | 1 Custom-sub-menus | 2025-05-05 | 6.1 Medium |
| The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3. | ||||
| CVE-2021-38317 | 1 Kibokolabs | 1 Konnichiwa | 2025-05-05 | 6.1 Medium |
| The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. | ||||
| CVE-2021-38319 | 1 Windyroad | 1 More From Google | 2025-05-05 | 6.1 Medium |
| The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. | ||||
| CVE-2022-21721 | 1 Vercel | 1 Next.js | 2025-05-05 | 5.9 Medium |
| Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `[email protected]`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade. | ||||
| CVE-2023-4763 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-05-05 | 8.8 High |
| Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-4369 | 1 Google | 2 Chrome, Chrome Os | 2025-05-05 | 8.8 High |
| Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||