Total
277590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43729 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 6.5 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a high impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-43717 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 4.3 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-43716 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 4.3 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-6495 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-15 | 6.4 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text widget in all versions up to, and including, 4.10.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1235 | 1 Livemeshelementor | 1 Addons For Elementor | 2025-01-15 | 6.4 Medium |
| The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3492 | 1 Pixelite | 1 Events Manager | 2025-01-15 | 6.4 Medium |
| The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-5553 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-15 | 4.4 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via several parameters in all versions up to, and including, 4.10.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses and edits an injected element, and subsequently clicks the element with the mouse scroll wheel. | ||||
| CVE-2024-1130 | 1 Basixonline | 1 Nex-forms | 2025-01-15 | 5.3 Medium |
| The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read. | ||||
| CVE-2024-1129 | 1 Basixonline | 1 Nex-forms | 2025-01-15 | 5.3 Medium |
| The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred. | ||||
| CVE-2024-0907 | 1 Basixonline | 1 Nex-forms | 2025-01-15 | 5.3 Medium |
| The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records. | ||||
| CVE-2024-5189 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-15 | 6.4 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-22997 | 2025-01-15 | 4.8 Medium | ||
| A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | ||||
| CVE-2025-22996 | 2025-01-15 | 4.8 Medium | ||
| A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | ||||
| CVE-2025-22621 | 2025-01-15 | 6.4 Medium | ||
| In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles. | ||||
| CVE-2025-21083 | 2025-01-15 | 6.5 Medium | ||
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | ||||
| CVE-2025-20088 | 2025-01-15 | 6.5 Medium | ||
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | ||||
| CVE-2025-20086 | 2025-01-15 | 6.5 Medium | ||
| Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | ||||
| CVE-2025-20036 | 2025-01-15 | 6.5 Medium | ||
| Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | ||||
| CVE-2024-7085 | 2025-01-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1. | ||||
| CVE-2024-57620 | 2025-01-15 | 7.5 High | ||
| An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||