Total: 88972 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-24849 | 1 Developingtheweb | 1 Quicksand Post Filter Jquery | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1. | |||||
CVE-2024-5968 | 1 10web | 1 Photo Gallery | 2025-05-06 | N/A | 4.8 MEDIUM |
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-24876 | 1 W-shadow | 1 Admin Menu Editor | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor. This issue affects Admin Menu Editor: from n/a through 1.12. | |||||
CVE-2025-25062 | | | 2025-05-06 | N/A | 4.4 MEDIUM |
An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a potential attacker to craft specialized HTML and JavaScript that may be executed when an administrator attempts to edit a piece of content. This vulnerability is mitigated by the fact that an attacker must have the ability to create long text content (such as through the node or comment forms) and an administrator must edit (not view) the content that contains the malicious content. This problem only exists when using the CKEditor 5 module. | |||||
CVE-2022-32946 | 1 Apple | 2 Ipad Os, Iphone Os | 2025-05-06 | N/A | 5.5 MEDIUM |
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | |||||
CVE-2018-20623 | 1 Gnu | 1 Binutils | 2025-05-06 | 4.3 MEDIUM | 5.5 MEDIUM |
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. | |||||
CVE-2024-48622 | 1 Domainmod | 1 Domainmod | 2025-05-06 | N/A | 6.6 MEDIUM |
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. | |||||
CVE-2024-48623 | 1 Domainmod | 1 Domainmod | 2025-05-06 | N/A | 5.3 MEDIUM |
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). | |||||
CVE-2024-25904 | 1 Blackbam | 1 Tinymce And Tinymce Advanced Professsional Formats And Styles | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2. | |||||
CVE-2024-24798 | 1 Soninow | 1 Debug | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug. This issue affects Debug: from n/a through 1.10. | |||||
CVE-2024-24802 | 1 Jtrt Responsive Tables Project | 1 Jtrt Responsive Tables | 2025-05-06 | N/A | 4.3 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables. This issue affects JTRT Responsive Tables: from n/a through 4.1.9. | |||||
CVE-2024-48624 | 1 Domainmod | 1 Domainmod | 2025-05-06 | N/A | 5.3 MEDIUM |
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability. | |||||
CVE-2024-10297 | 1 Anujk305 | 1 Medical Card Generation System | 2025-05-06 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-20325 | 1 Cisco | 1 Unified Intelligence Center | 2025-05-06 | N/A | 5.1 MEDIUM |
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | |||||
CVE-2024-25381 | 1 Emlog | 1 Emlog | 2025-05-06 | N/A | 6.1 MEDIUM |
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content. | |||||
CVE-2022-40487 | 1 Processwire | 1 Processwire | 2025-05-06 | N/A | 6.1 MEDIUM |
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. | |||||
CVE-2018-6341 | 1 Facebook | 1 React | 2025-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. | |||||
CVE-2018-20622 | 2 Debian, Jasper Project | 2 Debian Linux, Jasper | 2025-05-06 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | |||||
CVE-2018-19937 | 1 Videolan | 1 Vlc For Mobile | 2025-05-06 | 4.6 MEDIUM | 6.6 MEDIUM |
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. | |||||
CVE-2024-5075 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | N/A | 5.9 MEDIUM |
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |