Total: 88202 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2025-04-25 | N/A | 6.5 MEDIUM |
Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | |||||
CVE-2022-44279 | 1 Garage Management System Project | 1 Garage Management System | 2025-04-25 | N/A | 6.1 MEDIUM |
Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. | |||||
CVE-2022-3828 | 1 Video Thumbnails Project | 1 Video Thumbnails | 2025-04-25 | N/A | 4.8 MEDIUM |
The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-3610 | 1 Jeeng Push Notifications Project | 1 Jeeng Push Notifications | 2025-04-25 | N/A | 4.8 MEDIUM |
The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
CVE-2022-2983 | 1 Salat Times Project | 1 Salat Times | 2025-04-25 | N/A | 4.8 MEDIUM |
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2022-0564 | 2 Microsoft, Qlik | 2 Windows, Qlik Sense | 2025-04-25 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. The affected URI is /internal_forms_authentication/; the response time of the form is longer if the supplied user does not exist and shorter if the user exists. | |||||
CVE-2025-46433 | | | 2025-04-25 | N/A | 4.9 MEDIUM |
In JetBrains TeamCity before 2025.03.1 improper path validation in loggingPreset parameter was possible. | |||||
CVE-2025-46432 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
In JetBrains TeamCity before 2025.03.1 base64-encoded credentials could be exposed in build logs. | |||||
CVE-2025-43016 | | | 2025-04-25 | N/A | 5.4 MEDIUM |
In JetBrains Rider before 2025.1.2 custom archive unpacker allowed arbitrary file overwrite during remote debug session. | |||||
CVE-2025-3647 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve. | |||||
CVE-2025-3645 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses. | |||||
CVE-2025-3644 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify. | |||||
CVE-2025-3643 | | | 2025-04-25 | N/A | 5.4 MEDIUM |
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk. | |||||
CVE-2025-3640 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access. | |||||
CVE-2025-3636 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks. | |||||
CVE-2025-3628 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities. | |||||
CVE-2025-3627 | | | 2025-04-25 | N/A | 4.3 MEDIUM |
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA). | |||||
CVE-2025-37088 | | | 2025-04-25 | N/A | 6.8 MEDIUM |
A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on race conditions and configuration, this vulnerability may lead to local/cluster unauthorized access. | |||||
CVE-2025-32045 | | | 2025-04-25 | N/A | 5.3 MEDIUM |
A flaw has been identified in Moodle where insufficient capability checks in certain grade reports allowed users without the necessary permissions to access hidden grades. | |||||
CVE-2025-27371 | | | 2025-04-25 | N/A | 6.9 MEDIUM |
In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR). |