| Page(s) : 1 ... 250 251 252 253 254 255 256 257 258 259 [260] 261 262 263 264 265 266 267 268 269 270 ... | Result(s) : 324592 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-05-14 | CVE-2025-4430 | cve | Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024). |
| N/A | 2025-05-14 | CVE-2025-44184 | cve | SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and... |
| N/A | 2025-05-14 | CVE-2025-44024 | cve | Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the l... |
| N/A | 2025-05-14 | CVE-2025-40595 | cve | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker ... |
| N/A | 2025-05-14 | CVE-2025-3932 | cve | It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The co... |
| N/A | 2025-05-14 | CVE-2025-3931 | cve | A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdr... |
| N/A | 2025-05-14 | CVE-2025-3909 | cve | Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment... |
| N/A | 2025-05-14 | CVE-2025-3877 | cve | Rejected reason: This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986. |
| N/A | 2025-05-14 | CVE-2025-3875 | cve | Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (i... |
| N/A | 2025-05-14 | CVE-2025-3834 | cve | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report. |
| N/A | 2025-05-14 | CVE-2025-3833 | cve | Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports. |
| 5.3 | 2025-05-14 | CVE-2025-3769 | cve | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, ... |
| 9.1 | 2025-05-14 | CVE-2025-3623 | cve | The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the auto... |
| N/A | 2025-05-14 | CVE-2025-3600 | cve | In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of t... |
| 4.4 | 2025-05-14 | CVE-2025-33104 | cve | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alterin... |
| N/A | 2025-05-14 | CVE-2025-32421 | cve | Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Page... |
| N/A | 2025-05-14 | CVE-2025-32363 | cve | mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. |
| N/A | 2025-05-14 | CVE-2025-30668 | cve | Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. |
| N/A | 2025-05-14 | CVE-2025-30667 | cve | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
| N/A | 2025-05-14 | CVE-2025-30666 | cve | NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
| Page(s) : 1 ... 250 251 252 253 254 255 256 257 258 259 [260] 261 262 263 264 265 266 267 268 269 270 ... | Result(s) : 324592 |
