Search Results (120990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42408 1 Pdf-xchange 1 Pdf-xchange Editor 2025-03-31 5.5 Medium
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543.
CVE-2014-2050 1 Owncloud 2 Owncloud, Owncloud Server 2025-03-31 6.5 Medium
Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
CVE-2013-0202 1 Owncloud 1 Owncloud Server 2025-03-31 6.1 Medium
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.
CVE-2013-0203 1 Owncloud 2 Owncloud, Owncloud Server 2025-03-31 5.4 Medium
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php.
CVE-2021-29659 1 Owncloud 1 Owncloud Server 2025-03-31 6.5 Medium
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could cause higher than average load on the instance.
CVE-2014-2052 1 Owncloud 2 Owncloud, Owncloud Server 2025-03-31 9.8 Critical
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
CVE-2015-4715 1 Owncloud 2 Owncloud, Owncloud Server 2025-03-31 4.9 Medium
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values.
CVE-2024-2631 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-29 4.3 Medium
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-25865 1 Anzhiyu-c 1 Hexo-theme-anzhiyu 2025-03-29 6.1 Medium
Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function.
CVE-2024-25422 1 Sem-cms 1 Semcms 2025-03-29 9.8 Critical
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.
CVE-2024-31402 1 Cybozu 1 Garoon 2025-03-28 4.3 Medium
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
CVE-2024-25468 1 Totolink 2 X5000r, X5000r Firmware 2025-03-28 7.5 High
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.
CVE-2022-45320 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-03-28 6.3 Medium
Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.
CVE-2024-4950 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-28 5.3 Medium
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-2887 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-28 8.1 High
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2024-22344 1 Ibm 2 Txseries For Multiplatform, Txseries For Multiplatforms 2025-03-28 6.1 Medium
IBM TXSeries for Multiplatforms 8.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 280191.
CVE-2024-11993 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-03-28 6.1 Medium
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
CVE-2019-25053 1 Sage 1 Sage Frp 1000 2025-03-28 7.5 High
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.
CVE-2025-25462 1 Phpgurukul 1 Land Record System 2025-03-28 5.5 Medium
A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVE-2025-28011 1 Phpgurukul 1 User Registration \& Login And User Management System 2025-03-28 6.1 Medium
A SQL Injection was found in loginsystem/change-password.php in PHPGurukul User Registration & Login and User Management System v3.3 allows remote attackers to execute arbitrary code via the currentpassword POST request parameter.