Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-26575 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Maurer Display Post Meta allows Reflected XSS. This issue affects Display Post Meta: from n/a through 2.4.4. | ||||
| CVE-2025-26573 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Rizzi Guestbook allows Reflected XSS. This issue affects Rizzi Guestbook: from n/a through 4.0.1. | ||||
| CVE-2025-26566 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound In Stock Mailer for WooCommerce allows Reflected XSS. This issue affects In Stock Mailer for WooCommerce: from n/a through 2.1.1. | ||||
| CVE-2025-26565 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kagla GNUPress allows Reflected XSS. This issue affects GNUPress: from n/a through 0.2.9. | ||||
| CVE-2025-25373 | 2025-03-26 | 9.8 Critical | ||
| The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | ||||
| CVE-2024-55030 | 2025-03-26 | 9.8 Critical | ||
| A command injection vulnerability in the Command Dispatcher Service of NASA Fprime v3.4.3 allows attackers to execute arbitrary commands. | ||||
| CVE-2024-55028 | 2025-03-26 | 9.8 Critical | ||
| A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. | ||||
| CVE-2024-4149 | 1 Premio | 2 Chaty, Floating Chat Widget | 2025-03-26 | 6.1 Medium |
| The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-48818 | 2025-03-26 | 9.8 Critical | ||
| An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. | ||||
| CVE-2024-42616 | 1 Pligg | 1 Pligg Cms | 2025-03-26 | 8.8 High |
| Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics | ||||
| CVE-2024-41564 | 1 Emilyploszaj | 1 Emi | 2025-03-26 | 4.3 Medium |
| EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in EMI mod for Minecraft, which allows in-game item duplication. | ||||
| CVE-2024-41511 | 1 Cadclick | 1 Cadclick | 2025-03-26 | 3.9 Low |
| A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. | ||||
| CVE-2024-33382 | 1 Open5gs | 1 Open5gs | 2025-03-26 | 5.3 Medium |
| An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration | ||||
| CVE-2024-33247 | 1 Oretnom23 | 1 Employee Task Management System | 2025-03-26 | 8.8 High |
| Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. | ||||
| CVE-2024-2626 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-26 | 6.5 Medium |
| Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-28872 | 1 Isc | 1 Stork | 2025-03-26 | 8.9 High |
| The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0. | ||||
| CVE-2024-28639 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2025-03-26 | 9.8 Critical |
| Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. | ||||
| CVE-2024-21183 | 1 Oracle | 1 Weblogic Server | 2025-03-26 | 7.5 High |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2024-21130 | 1 Oracle | 1 Mysql | 2025-03-26 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-21071 | 1 Oracle | 1 Workflow | 2025-03-26 | 9.1 Critical |
| Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||