Search Results (365312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-1104 1 Areal-topkapi 1 Webserv2 2025-05-06 7.5 High
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.
CVE-2025-2381 1 Phpgurukul 1 Curfew E-pass Management System 2025-05-06 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Curfew e-Pass Management System 1.0. Affected is an unknown function of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-40487 1 Processwire 1 Processwire 2025-05-06 6.1 Medium
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.
CVE-2022-3308 1 Google 1 Chrome 2025-05-06 7.4 High
Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-3307 1 Google 1 Chrome 2025-05-06 8.8 High
Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3306 1 Google 2 Chrome, Chrome Os 2025-05-06 8.8 High
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3305 1 Google 2 Chrome, Chrome Os 2025-05-06 8.8 High
Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2018-6342 2 Facebook, Microsoft 2 React-dev-utils, Windows 2025-05-06 9.8 Critical
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2.
CVE-2018-6341 1 Facebook 1 React 2025-05-06 6.1 Medium
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
CVE-2018-6337 1 Facebook 2 Folly, Hhvm 2025-05-06 7.5 High
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00.
CVE-2018-6334 1 Facebook 1 Hhvm 2025-05-06 9.8 Critical
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
CVE-2018-20622 2 Debian, Jasper Project 2 Debian Linux, Jasper 2025-05-06 6.5 Medium
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
CVE-2018-20618 1 Ok-file-formats Project 1 Ok-file-formats 2025-05-06 8.8 High
ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c.
CVE-2018-19937 1 Videolan 1 Vlc For Mobile 2025-05-06 6.6 Medium
A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.
CVE-2018-18602 1 Guardzilla 12 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 9 more 2025-05-06 9.8 Critical
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVE-2024-20327 1 Cisco 13 Asr 9000v-v2, Asr 9001, Asr 9006 and 10 more 2025-05-06 7.4 High
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.
CVE-2024-5075 1 Tipsandtricks-hq 1 Wp Emember 2025-05-06 5.9 Medium
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-5076 1 Tipsandtricks-hq 1 Wp Emember 2025-05-06 8.8 High
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-5077 1 Tipsandtricks-hq 1 Wp Emember 2025-05-06 6.8 Medium
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2018-6668 1 Mcafee 1 Application Change Control 2025-05-06 N/A
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell.