Search
Search Results (341651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5975 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /rpms/download-pass.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-47021 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2025-06-24 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-1233 | 1 Althemist | 1 Lafka Plugin | 2025-06-24 | 4.3 Medium |
| The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site. | ||||
| CVE-2025-47452 | 1 Rextheme | 1 Wp Vr | 2025-06-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26. | ||||
| CVE-2025-52935 | 1 Dragonflydb | 1 Dragonfly | 2025-06-24 | N/A |
| Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18. | ||||
| CVE-2025-41228 | 1 Vmware | 2 Esxi, Vcenter Server | 2025-06-24 | 4.3 Medium |
| VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites. | ||||
| CVE-2025-41227 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2025-06-24 | 5.5 Medium |
| VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition. | ||||
| CVE-2025-41226 | 1 Vmware | 1 Esxi | 2025-06-24 | 6.8 Medium |
| VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled. | ||||
| CVE-2025-41225 | 1 Vmware | 1 Vcenter Server | 2025-06-24 | 8.8 High |
| The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server. | ||||
| CVE-2025-52979 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52978 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52977 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52976 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52975 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52974 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52973 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52972 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2025-52971 | 2025-06-24 | N/A | ||
| Not used | ||||
| CVE-2024-28715 | 1 Html-js | 1 Doracms | 2025-06-24 | 8.8 High |
| Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. | ||||
| CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.6 Medium |
| A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | ||||