Total: 276814 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-33193 | 1 Emby | 1 Emby.releases | 2025-01-10 | 9.1 Critical |
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system, depending on certain user account settings. By spoofing certain headers which are intended for interoperation with reverse proxy servers, it may be possible to affect the local/non-local network determination to allow logging in without a password or to view a list of user accounts which may have no password configured. Impacted are all Emby Server systems which are publicly accessible and where the administrator hasn't tightened the account login configuration for administrative users. This issue has been patched in Emby Server Beta version 4.8.31 and Emby Server version 4.7.12. | ||||
CVE-2025-0230 | 1 Fabianros | 1 Responsive Hotel Site | 2025-01-10 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file /admin/print.php. The manipulation of the argument pid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-33186 | 1 Zulip | 1 Zulip Server | 2025-01-10 | 8.2 High |
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker. | ||||
CVE-2025-0229 | 1 Fabianros | 1 Travel Management System | 2025-01-10 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation of the argument pid/t1/t2/t3/t4/t5/t6/t7 leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-0228 | 1 Code-projects | 1 Local Storage Todo App | 2025-01-10 | 2.4 Low |
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-48912 | 1 Glpi-project | 1 Glpi | 2025-01-10 | 8.1 High |
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | ||||
CVE-2024-45082 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | 6.8 Medium |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. | ||||
CVE-2024-41752 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | 5.4 Medium |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
CVE-2024-25042 | 1 Ibm | 1 Cognos Analytics | 2025-01-10 | 5.4 Medium |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. | ||||
CVE-2023-22681 | 1 Online Exam Software \ | 1 Eexamhall Project | 2025-01-10 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. | ||||
CVE-2023-22678 | 1 Superior Faq Project | 1 Superior Faq | 2025-01-10 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. | ||||
CVE-2023-23718 | 1 Page Loading Effects Project | 1 Page Loading Effects | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions. | ||||
CVE-2023-23721 | 1 Admin Log Project | 1 Admin Log | 2025-01-10 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions. | ||||
CVE-2023-22680 | 1 Altanic | 1 No Api Amazon Affiliate | 2025-01-10 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions. | ||||
CVE-2022-47592 | 1 Magicform Project | 1 Magicform | 2025-01-10 | 7.1 High |
Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions. | ||||
CVE-2022-47591 | 1 Map Multi Marker Project | 1 Map Multi Marker | 2025-01-10 | 7.1 High |
Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. | ||||
CVE-2022-42485 | 1 Galaxyweblinks | 1 Gallery With Thumbnail Slider | 2025-01-10 | 5.4 Medium |
Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions. | ||||
CVE-2022-41785 | 1 Robogallery | 1 Gallery Images Ape | 2025-01-10 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions. | ||||
CVE-2022-45843 | 1 Nextendweb | 1 Smart Slider 3 | 2025-01-10 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. | ||||
CVE-2022-44742 | 1 Community Events Project | 1 Community Events | 2025-01-10 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions. |