Total 289036 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-43720 1 Apache 1 Superset 2025-04-07 5.4 Medium
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVE-2022-43719 1 Apache 1 Superset 2025-04-07 8.8 High
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
CVE-2023-0314 1 Phpmyfaq 1 Phpmyfaq 2025-04-07 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.
CVE-2023-0315 1 Froxlor 1 Froxlor 2025-04-07 8.8 High
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVE-2023-0316 1 Froxlor 1 Froxlor 2025-04-07 5.5 Medium
Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
CVE-2023-0323 1 Pimcore 1 Pimcore 2025-04-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
CVE-2022-2155 1 Hitachienergy 1 Lumada Asset Performance Management 2025-04-07 5.7 Medium
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker.
Affected versions
* Lumada APM on-premises version 6.0.0.0 - 6.4.0.*
List of CPEs:
* cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*
CVE-2020-19248 1 Pbootcms 1 Pbootcms 2025-04-07 5.1 Medium
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates.
CVE-2024-53364 1 Phpgurukul 1 Vehicle Parking Management System 2025-04-07 5.4 Medium
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries.
CVE-2025-25878 1 Angeljudesuarez 1 Simple Chatbox 2025-04-07 3.8 Low
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /del.php. The attack can use SQL injection to obtain sensitive data.
CVE-2024-51772 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-07 6.4 Medium
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
CVE-2024-51773 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-07 4.8 Medium
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session.
CVE-2024-53672 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-07 4.7 Medium
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVE-2024-51771 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-07 7.2 High
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system.
CVE-2022-43591 1 Qt 1 Qt 2025-04-07 8.8 High
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.
CVE-2024-41915 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-07 7.2 High
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
CVE-2025-21431 2025-04-07 5.5 Medium
Information disclosure may occur when a guest VM is connected.
CVE-2023-0243 1 Tuzicms Project 1 Tuzicms 2025-04-07 6.3 Medium
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.
CVE-2024-0902 1 Radykal 1 Fancy Product Designer 2025-04-07 4.3 Medium
The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
CVE-2024-53457 1 Librenms 1 Librenms 2025-04-07 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.