Search Results (120975 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9964 1 Google 1 Chrome 2025-03-25 4.3 Medium
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-9963 1 Google 1 Chrome 2025-03-25 4.3 Medium
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-9962 1 Google 1 Chrome 2025-03-25 4.3 Medium
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-9958 1 Google 1 Chrome 2025-03-25 4.3 Medium
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-8906 1 Google 1 Chrome 2025-03-25 4.3 Medium
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-7975 1 Google 1 Chrome 2025-03-25 4.3 Medium
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-40519 1 Seacms 1 Seacms 2025-03-25 8.8 High
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-29013 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2025-03-25 5.3 Medium
Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function.
CVE-2024-29012 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2025-03-25 4.9 Medium
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function.
CVE-2024-28710 1 Limesurvey 1 Limesurvey 2025-03-25 6.1 Medium
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
CVE-2024-28709 1 Limesurvey 1 Limesurvey 2025-03-25 6.1 Medium
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
CVE-2018-20072 1 Google 1 Chrome 2025-03-25 7.8 High
Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)
CVE-2023-52155 1 Sigb 1 Pmb 2025-03-25 7.2 High
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint.
CVE-2023-52153 2 Pmb Project, Sigb 2 Pmb, Pmb 2025-03-25 9.8 Critical
A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value.
CVE-2023-51828 2 Pmb Project, Sigb 2 Pmb, Pmb 2025-03-25 9.8 Critical
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function.
CVE-2023-38844 1 Sigb 1 Pmb 2025-03-25 7.5 High
SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php.
CVE-2023-37177 1 Sigb 1 Pmb 2025-03-25 9.8 Critical
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint.
CVE-2025-22974 1 Seacms 1 Seacms 2025-03-25 9.8 Critical
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVE-2024-57685 1 Sparkshop 1 Sparkshop 2025-03-25 5.3 Medium
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.
CVE-2022-42444 3 Ibm, Linux, Microsoft 4 Aix, App Connect Enterprise, Linux Kernel and 1 more 2025-03-25 4.9 Medium
IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.