Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0879 | 1 Btcpayserver | 1 Btcpay Server | 2025-03-18 | 6.3 Medium |
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | ||||
CVE-2024-43202 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 9.8 Critical |
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend that users upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. | ||||
CVE-2023-0880 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-18 | 8.3 High |
Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
CVE-2024-29831 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 8.8 High |
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2. | ||||
CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | ||||
CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2025-03-18 | 7.5 High |
An unspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | ||||
CVE-2022-43927 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2025-03-18 | 5.9 Medium |
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. | ||||
CVE-2022-27891 | 1 Palantir | 1 Gotham | 2025-03-18 | 5.3 Medium |
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. | ||||
CVE-2023-0918 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2025-03-18 | 6.3 Medium |
A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability. | ||||
CVE-2023-0860 | 1 Modoboa | 1 Installer | 2025-03-18 | 7.5 High |
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | ||||
CVE-2024-0709 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 9.8 Critical |
The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2023-0866 | 1 Gpac | 1 Gpac | 2025-03-18 | 7.8 High |
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. | ||||
CVE-2021-26277 | 2 Google, Vivo | 2 Android, Frame Service | 2025-03-18 | 5.6 Medium |
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | ||||
CVE-2023-36681 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 5.3 Medium |
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.2. | ||||
CVE-2024-43304 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0. | ||||
CVE-2024-34093 | 1 Archerirm | 1 Archer | 2025-03-18 | 5.3 Medium |
An issue was discovered in Archer Platform 6 before 2024.03. There is an X-Forwarded-For Header Bypass vulnerability. An unauthenticated attacker could potentially bypass intended whitelisting when X-Forwarded-For header is enabled. | ||||
CVE-2023-1435 | 1 Wp-dreams | 1 Ajax Search | 2025-03-18 | 6.1 Medium |
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2023-1420 | 1 Wp-dreams | 1 Ajax Search | 2025-03-18 | 6.1 Medium |
The Ajax Search Lite WordPress plugin before 4.11.1 and the Ajax Search Pro WordPress plugin before 4.26.2 do not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2024-27953 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | 4.7 Medium |
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8. | ||||
CVE-2025-2491 | | | 2025-03-18 | 2.4 Low |
A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||