CVEs and Security Vulnerabilities

Total 277701 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-0228	1 Code-projects	1 Local Storage Todo App	2025-01-10	2.4 Low
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-48912	1 Glpi-project	1 Glpi	2025-01-10	8.1 High
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue.
CVE-2024-45082	1 Ibm	1 Cognos Analytics	2025-01-10	6.8 Medium
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted.
CVE-2024-41752	1 Ibm	1 Cognos Analytics	2025-01-10	5.4 Medium
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2024-25042	1 Ibm	1 Cognos Analytics	2025-01-10	5.4 Medium
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations.
CVE-2023-22681	1 Online Exam Software \	1 Eexamhall Project	2025-01-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions.
CVE-2023-22678	1 Superior Faq Project	1 Superior Faq	2025-01-10	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions.
CVE-2023-23718	1 Page Loading Effects Project	1 Page Loading Effects	2025-01-10	5.9 Medium
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions.
CVE-2023-23721	1 Admin Log Project	1 Admin Log	2025-01-10	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions.
CVE-2023-22680	1 Altanic	1 No Api Amazon Affiliate	2025-01-10	5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions.
CVE-2022-47592	1 Magicform Project	1 Magicform	2025-01-10	7.1 High
Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions.
CVE-2022-47591	1 Map Multi Marker Project	1 Map Multi Marker	2025-01-10	7.1 High
Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions.
CVE-2022-42485	1 Galaxyweblinks	1 Gallery With Thumbnail Slider	2025-01-10	5.4 Medium
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions.
CVE-2022-41785	1 Robogallery	1 Gallery Images Ape	2025-01-10	5.4 Medium
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions.
CVE-2022-45843	1 Nextendweb	1 Smart Slider 3	2025-01-10	5.4 Medium
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.
CVE-2022-44742	1 Community Events Project	1 Community Events	2025-01-10	4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions.
CVE-2023-28422	1 Mage-people	1 Event Manager And Tickets Selling For Woocommerce	2025-01-10	5.9 Medium
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions.
CVE-2022-47431	1 Tussendoor	1 Open Rdw Kenteken Voertuiginformatie	2025-01-10	7.1 High
Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions.
CVE-2023-22716	1 Oopspam	1 Oopspam Anti-spam	2025-01-10	5.9 Medium
Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions.
CVE-2023-22712	1 Templatesnext	1 Templatesnext Toolkit	2025-01-10	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions.

« first previous Page 140 of 13886. next last »