Total
286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-27803 | 1 Apple | 2 Ipados, Iphone Os | 2025-03-25 | 2.4 Low |
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen. | ||||
CVE-2024-26318 | 1 Serenity | 1 Serenity | 2025-03-25 | 6.1 Medium |
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. | ||||
CVE-2024-0677 | | | 2025-03-25 | 5.1 Medium |
The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. | ||||
CVE-2023-52369 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 9.1 Critical |
Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
CVE-2023-25016 | 1 Couchbase | 1 Couchbase Server | 2025-03-25 | 7.5 High |
Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. | ||||
CVE-2023-24276 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2025-03-25 | 9.8 Critical |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. | ||||
CVE-2023-22849 | 1 Apache | 1 Sling Cms | 2025-03-25 | 6.1 Medium |
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6. | ||||
CVE-2023-20607 | 2 Google, Mediatek | 4 Android, Mt6765, Mt6768 and 1 more | 2025-03-25 | 6.4 Medium |
In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. | ||||
CVE-2023-0236 | 1 Themeum | 1 Tutor Lms | 2025-03-25 | 6.1 Medium |
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
CVE-2023-0234 | 1 Siteground | 1 Siteground Security | 2025-03-25 | 8.8 High |
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. | ||||
CVE-2023-0173 | 1 Getwpfunnels | 1 Drag & Drop Sales Funnel Builder | 2025-03-25 | 5.4 Medium |
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-0148 | 1 Vilyon | 1 Gallery Factory Lite | 2025-03-25 | 5.4 Medium |
The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2023-0095 | 1 A3rev | 1 Page View Count | 2025-03-25 | 5.4 Medium |
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
CVE-2022-4762 | 1 Extendthemes | 1 Materialis Companion | 2025-03-25 | 5.4 Medium |
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
CVE-2022-4747 | 1 Essentialplugin | 1 Download Post Category Image With Grid And Slider | 2025-03-25 | 5.4 Medium |
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | ||||
CVE-2022-4681 | 1 Wpwave | 1 Hide My Wp | 2025-03-25 | 9.8 Critical |
The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | 7.4 High |
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
CVE-2022-25853 | 1 Semver-tags Project | 1 Semver-tags | 2025-03-25 | 7.4 High |
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | ||||
CVE-2019-19752 | 1 Fullzero | 1 Nvoc | 2025-03-25 | 9.8 Critical |
nvOC through 3.2 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated plans to fix this in the next image build. | ||||
CVE-2025-2386 | 1 Anujkumar | 1 Local Services Search Engine Management System | 2025-03-25 | 7.3 High |
A vulnerability was found in PHPGurukul Local Services Search Engine Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /serviceman-search.php. The manipulation of the argument location leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |