Search Results (342624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36908 1 Microsoft 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more 2025-07-09 6.5 Medium
Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-35380 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-07-09 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-30341 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-07-09 7.8 High
Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22709.
CVE-2020-26082 1 Cisco 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more 2025-07-09 5.8 Medium
A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.
CVE-2023-6978 1 Astoundify 1 Wp Job Manager 2025-07-09 6.1 Medium
The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-10787 1 La-studioweb 1 La-studio Element Kit For Elementor 2025-07-09 4.3 Medium
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to.
CVE-2024-10178 1 Gutentor 1 Gutentor 2025-07-09 6.4 Medium
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-10247 2 Total-soft, Totalsoft 2 Video Gallery, Video Gallery Youtube Gallery And Vimeo Gallery 2025-07-09 7.2 High
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-9769 1 Total-soft 1 Video Gallery 2025-07-09 4.4 Medium
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2025-53688 2025-07-09 N/A
Not used
CVE-2025-53687 2025-07-09 N/A
Not used
CVE-2025-53686 2025-07-09 N/A
Not used
CVE-2025-53685 2025-07-09 N/A
Not used
CVE-2025-53684 2025-07-09 N/A
Not used
CVE-2025-53683 2025-07-09 N/A
Not used
CVE-2025-53682 2025-07-09 N/A
Not used
CVE-2025-28057 1 Owladmin 1 Owl Admin 2025-07-09 7.2 High
owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin-api/system/admin_menus/save_order.
CVE-2025-47204 1 Davidstutz 1 Bootstrap Multiselect 2025-07-09 6.1 Medium
An issue was discovered in post.php in bootstrap-multiselect (aka Bootstrap Multiselect) 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting (XSS) vulnerability exploitable through Cross-Site Request Forgery (CSRF).
CVE-2025-28055 1 Shinnku 1 Upset-gal-web 2025-07-09 7.5 High
upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerability.
CVE-2025-45835 1 Netis-systems 2 Wf2880, Wf2880 Firmware 2025-07-09 7.5 High
A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.