Total
299893 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10632 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | N/A | 4.8 MEDIUM |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-10634 | 1 Nokautpl | 1 Nokaut Offers Box | 2025-06-09 | N/A | 4.3 MEDIUM |
| The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack | |||||
| CVE-2025-1499 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user. | |||||
| CVE-2025-25044 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 5.4 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-2896 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 4.8 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-11140 | 1 Vk011 | 1 Real Wp Shop Lite Ajax Ecommerce Shopping Cart | 2025-06-09 | N/A | 3.5 LOW |
| The Real WP Shop Lite Ajax eCommerce Shopping Cart WordPress plugin through 2.0.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2025-33004 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 6.5 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction. | |||||
| CVE-2025-33005 | 1 Ibm | 1 Planning Analytics Local | 2025-06-09 | N/A | 6.3 MEDIUM |
| IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2025-46154 | 1 Foxcms | 1 Foxcms | 2025-06-09 | N/A | 8.4 HIGH |
| Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php. | |||||
| CVE-2025-43923 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation. | |||||
| CVE-2025-43924 | 1 Unicomsi | 1 Focal Point | 2025-06-09 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), entered by an admin, allow stored XSS. | |||||
| CVE-2025-44148 | 1 Mailenable | 1 Mailenable | 2025-06-09 | N/A | 9.8 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component | |||||
| CVE-2025-29306 | 1 Foxcms | 1 Foxcms | 2025-06-09 | N/A | 9.8 CRITICAL |
| An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. | |||||
| CVE-2024-25251 | 1 Carmelo | 1 Agro-school Management System | 2025-06-09 | N/A | 8.8 HIGH |
| code-projects Agro-School Management System 1.0 is suffers from Incorrect Access Control. | |||||
| CVE-2024-21116 | 2 Linux, Oracle | 2 Linux Kernel, Vm Virtualbox | 2025-06-09 | N/A | 7.8 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-21136 | 1 Oracle | 1 Retail Xstore Office | 2025-06-09 | N/A | 8.6 HIGH |
| Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2024-21026 | 1 Oracle | 1 Complex Maintenance Repair And Overhaul | 2025-06-09 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2024-21175 | 1 Oracle | 1 Weblogic Server | 2025-06-09 | N/A | 7.5 HIGH |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | |||||
| CVE-2023-5388 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2025-06-09 | N/A | 6.5 MEDIUM |
| NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
| CVE-2024-12976 | 1 Code-projects | 1 Hospital Management System | 2025-06-09 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||