Total: 276471 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-55082 | | | 2025-01-02 | 7.5 High |
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. | ||||
CVE-2024-55081 | | | 2025-01-02 | 9.8 Critical |
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input. | ||||
CVE-2024-52047 | | | 2025-01-02 | 7.5 High |
A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2024-48197 | | | 2025-01-02 | 4.7 Medium |
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. | ||||
CVE-2023-35144 | 1 Jenkins | 1 Maven Repository Server | 2025-01-02 | 5.4 Medium |
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
CVE-2023-35143 | 1 Jenkins | 1 Maven Repository Server | 2025-01-02 | 5.4 Medium |
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`. | ||||
CVE-2023-35141 | 1 Jenkins | 1 Jenkins | 2025-01-02 | 8 High |
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context menu. | ||||
CVE-2023-34754 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | ||||
CVE-2023-34753 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | ||||
CVE-2023-34752 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | ||||
CVE-2023-34751 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. | ||||
CVE-2023-34750 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-02 | 9.8 Critical |
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | ||||
CVE-2022-41082 | 1 Microsoft | 1 Exchange Server | 2025-01-02 | 8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2022-41040 | 1 Microsoft | 1 Exchange Server | 2025-01-02 | 8.8 High |
Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
CVE-2024-2147 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-01-02 | 7.3 High |
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255500. | ||||
CVE-2022-38019 | 1 Microsoft | 1 Av1 Video Extension | 2025-01-02 | 7.8 High |
AV1 Video Extension Remote Code Execution Vulnerability | ||||
CVE-2022-38013 | 3 Fedoraproject, Microsoft, Redhat | 7 Fedora, .net, .net Core and 4 more | 2025-01-02 | 7.5 High |
.NET Core and Visual Studio Denial of Service Vulnerability | ||||
CVE-2022-38011 | 1 Microsoft | 3 Raw Image Extension, Windows 10, Windows 11 | 2025-01-02 | 7.3 High |
Raw Image Extension Remote Code Execution Vulnerability | ||||
CVE-2022-38007 | 1 Microsoft | 2 Azure Arc, Azure Guest Configuration | 2025-01-02 | 7.8 High |
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability | ||||
CVE-2022-37972 | 1 Microsoft | 1 Endpoint Configuration Manager | 2025-01-02 | 7.5 High |
Microsoft Endpoint Configuration Manager Spoofing Vulnerability |