Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-53968 | | | 2025-03-19 | 5.4 Medium |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | ||||
CVE-2024-56222 | 1 Codebard | 1 Codebard Help Desk | 2025-03-19 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery. This issue affects CodeBard Help Desk: from n/a through 1.1.1. | ||||
CVE-2023-38475 | 1 Rednao | 1 Donations Made Easy - Smart Donations | 2025-03-19 | 4.3 Medium |
Missing Authorization vulnerability in RedNao Donations Made Easy – Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | ||||
CVE-2024-53967 | | | 2025-03-19 | 5.4 Medium |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | ||||
CVE-2025-0431 | | | 2025-03-19 | 5.8 Medium |
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively. | ||||
CVE-2025-26485 | | | 2025-03-19 | 5.8 Medium |
The Exposure of Sensitive Information to an Unauthorized Actor vulnerability impacting Beta80 Life 1st Identity Manager allows User Enumeration using Authentication Rest APIs. Affected: Life 1st version 1.5.2.14234. Different error messages are returned for failed authentication attempts depending on whether a wrong password or a non-existent user was supplied. This issue affects Life 1st: 1.5.2.14234. | ||||
CVE-2025-1758 | | | 2025-03-19 | 4.3 Medium |
Improper Input Validation vulnerability in Progress LoadMaster allows Buffer Overflow. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above. | ||||
CVE-2023-29429 | 1 Wpeverest | 1 User Registration | 2025-03-19 | 5.3 Medium |
Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects User Registration: from n/a through 2.3.2.1. | ||||
CVE-2024-7974 | 1 Google | 1 Chrome | 2025-03-19 | 8.8 High |
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
CVE-2024-6219 | 1 Canonical | 1 Lxd | 2025-03-19 | 3.8 Low |
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | ||||
CVE-2024-44188 | 1 Apple | 1 Macos | 2025-03-19 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | ||||
CVE-2024-30163 | 1 Invisioncommunity | 1 Invisioncommunity | 2025-03-19 | 9.8 Critical |
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks. | ||||
CVE-2024-13101 | | | 2025-03-19 | 5.4 Medium |
The WP MediaTagger WordPress plugin through 4.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-25768 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 6.5 Medium |
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. | ||||
CVE-2023-25767 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 8.8 High |
A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers to connect to an attacker-specified web server. | ||||
CVE-2023-25766 | 1 Jenkins | 1 Azure Credentials | 2025-03-19 | 4.3 Medium |
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
CVE-2023-25765 | 1 Jenkins | 1 Email Extension | 2025-03-19 | 9.9 Critical |
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | ||||
CVE-2023-25764 | 1 Jenkins | 1 Email Extension | 2025-03-19 | 5.4 Medium |
Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or change custom email templates. | ||||
CVE-2023-23462 | 1 Libpeconv Project | 1 Libpeconv | 2025-03-19 | 9.8 Critical |
Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). | ||||
CVE-2023-22998 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-03-19 | 5.5 Medium |
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). |