Total: 32156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-24867 | 1 Plugins-market | 1 Wp Visitor Statistics | 2025-02-20 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic). This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4. | |||||
CVE-2020-36666 | 1 E-plugins | 11 Directory Pro, Final User, Fitness Trainer and 8 more | 2025-02-19 | N/A | 8.8 HIGH |
The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implement any security measures in some AJAX calls. For example, in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the AJAX call, which can be used to give the logged-in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register), it makes any site using it vulnerable. | |||||
CVE-2023-25722 | 1 Veracode | 1 Veracode | 2025-02-19 | N/A | 5.5 MEDIUM |
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the "Connect using proxy" option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments. | |||||
CVE-2023-25721 | 1 Veracode | 1 Veracode | 2025-02-19 | N/A | 6.5 MEDIUM |
Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials. | |||||
CVE-2023-25260 | 1 Stimulsoft | 1 Designer | 2025-02-19 | N/A | 7.5 HIGH |
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. | |||||
CVE-2023-20860 | 1 Vmware | 1 Spring Framework | 2025-02-19 | N/A | 7.5 HIGH |
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | |||||
CVE-2022-48356 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition. | |||||
CVE-2022-48347 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2022-48346 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2022-46415 | 1 Dji | 2 Spark, Spark Firmware | 2025-02-19 | N/A | 9.1 CRITICAL |
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets. | |||||
CVE-2022-46387 | 2 Cmder, Maximus5 | 2 Cmder, Conemu | 2025-02-19 | N/A | 9.8 CRITICAL |
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands. | |||||
CVE-2023-24366 | 1 Rconfig | 1 Rconfig | 2025-02-19 | N/A | 6.5 MEDIUM |
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request. | |||||
CVE-2019-8963 | 1 Flexera | 1 Flexnet Publisher | 2025-02-19 | N/A | 7.5 HIGH |
A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool. | |||||
CVE-2022-48359 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2022-48357 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel. | |||||
CVE-2023-28597 | 2 Microsoft, Zoom | 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more | 2025-02-19 | N/A | 8.3 HIGH |
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. | |||||
CVE-2023-26549 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2023-25261 | 1 Stimulsoft | 2 Designer, Viewer | 2025-02-19 | N/A | 9.8 CRITICAL |
Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report. | |||||
CVE-2020-8889 | 1 Shipstation | 1 Shipstation | 2025-02-19 | N/A | 7.5 HIGH |
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL. | |||||
CVE-2025-24373 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2025-02-19 | N/A | 6.5 MEDIUM |
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |