Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3023 | 1 Pingcap | 1 Tidb | 2025-05-02 | 9.8 Critical |
| Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | ||||
| CVE-2024-36742 | 1 Oneflow | 1 Oneflow | 2025-05-02 | 7.5 High |
| An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape. | ||||
| CVE-2022-39393 | 1 Bytecodealliance | 1 Wasmtime | 2025-05-02 | 8.6 High |
| Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. | ||||
| CVE-2024-36737 | 1 Oneflow | 1 Oneflow | 2025-05-02 | 7.5 High |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter. | ||||
| CVE-2024-36743 | 1 Oneflow | 1 Oneflow | 2025-05-02 | 7.5 High |
| An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot. | ||||
| CVE-2024-36732 | 1 Oneflow | 1 Oneflow | 2025-05-02 | 7.5 High |
| An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot. | ||||
| CVE-2024-36734 | 1 Oneflow | 1 Oneflow | 2025-05-02 | 7.5 High |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter. | ||||
| CVE-2024-5032 | 1 Toolstack | 1 Sully | 2025-05-02 | 4.7 Medium |
| The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-5033 | 1 Toolstack | 1 Sully | 2025-05-02 | 5.9 Medium |
| The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | ||||
| CVE-2024-5034 | 1 Toolstack | 1 Sully | 2025-05-02 | 8.8 High |
| The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks | ||||
| CVE-2024-5074 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-02 | 5.4 Medium |
| The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2006-5175 | 1 Buffalo-technology | 1 Terastation Hd-htgl Firmware | 2025-05-02 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. | ||||
| CVE-2024-48510 | 3 Dotnetzip.semverd Project, Mihula, Nuget | 3 Dotnetzip.semverd, Prodotnetzip, Dotnetzip | 2025-05-02 | 9.1 Critical |
| Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-33265 | 1 Hazelcast | 2 Hazelcast, Imdg | 2025-05-02 | 8.8 High |
| In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted. | ||||
| CVE-2022-49816 | 2025-05-02 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-5168 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-05-01 | 9.8 Critical |
| A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | ||||
| CVE-2022-3463 | 1 Fluentforms | 1 Contact Form | 2025-05-01 | 9.8 Critical |
| The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection | ||||
| CVE-2022-3462 | 1 Highlight Focus Project | 1 Highlight Focus | 2025-05-01 | 4.8 Medium |
| The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3451 | 1 Addify | 1 Product Stock Manager | 2025-05-01 | 4.3 Medium |
| The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options | ||||
| CVE-2022-3418 | 1 Soflyy | 1 Wp All Import | 2025-05-01 | 7.2 High |
| The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files | ||||