Vulnerabilities (CVE)

Total 301387 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0224 1 Givewp 1 Givewp 2025-06-13 N/A 9.8 CRITICAL
The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks.
CVE-2022-4976 2025-06-13 N/A 9.8 CRITICAL
Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.
CVE-2024-33901 1 Keepassxc 1 Keepassxc 2025-06-13 N/A 6.5 MEDIUM
Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs.
CVE-2024-32407 1 Inducer 1 Relate 2025-06-13 N/A 8.8 HIGH
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.
CVE-2024-32405 1 Inducer 1 Relate 2025-06-13 N/A 2.6 LOW
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
CVE-2024-50849 1 Rws 1 Worldserver 2025-06-13 N/A 4.8 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.
CVE-2025-26013 1 Olajowon 1 Loggrove 2025-06-13 N/A 8.2 HIGH
An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.
CVE-2025-26014 1 Olajowon 1 Loggrove 2025-06-13 N/A 9.8 CRITICAL
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.
CVE-2025-45752 1 Seeddms 1 Seeddms 2025-06-13 N/A 7.2 HIGH
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
CVE-2024-57529 1 Jeppesen 1 Jetplanner 2025-06-13 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
CVE-2025-28099 1 Fumiao 1 Opencms 2025-06-13 N/A 4.3 MEDIUM
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp.
CVE-2025-48068 2025-06-13 N/A N/A
Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2.
CVE-2022-41572 1 Eyesofnetwork 1 Eyesofnetwork 2025-06-13 N/A 9.8 CRITICAL
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.
CVE-2024-22893 1 Openslides 1 Openslides 2025-06-13 N/A 7.5 HIGH
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
CVE-2024-37759 1 Datagear 1 Datagear 2025-06-13 N/A 9.8 CRITICAL
DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface.
CVE-2024-37665 1 Wvp-pro 1 Gb28181 2025-06-13 N/A 8.8 HIGH
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.
CVE-2024-36523 1 Wvp-pro 1 Gb28181 2025-06-13 N/A 6.5 MEDIUM
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.
CVE-2024-39174 1 Yzmcms 1 Yzmcms 2025-06-13 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article.
CVE-2024-37674 1 Moodle 1 Moodle 2025-06-13 N/A 5.5 MEDIUM
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2025-46983 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.