Search
Search Results (327199 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32432 | 1 Craftcms | 1 Craft Cms | 2025-04-29 | 10 Critical |
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. | ||||
| CVE-2023-40204 | 1 Premio | 1 Folders | 2025-04-29 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. | ||||
| CVE-2025-46761 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46760 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46759 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46758 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46757 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46756 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46755 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46754 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46753 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2018-13372 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2017-7740 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2022-34830 | 1 Arm | 1 Utgard Gpu Kernel Driver | 2025-04-28 | 7.5 High |
| An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. | ||||
| CVE-2021-46854 | 1 Proftpd | 1 Proftpd | 2025-04-28 | 7.5 High |
| mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | ||||
| CVE-2021-43258 | 1 Churchdb | 1 Churchinfo | 2025-04-28 | 8.8 High |
| CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server. | ||||
| CVE-2021-35284 | 1 Cms-php Project | 1 Cms-php | 2025-04-28 | 9.8 Critical |
| SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. | ||||
| CVE-2022-3737 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2025-04-28 | 7.8 High |
| In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | ||||
| CVE-2022-40772 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | 6.5 Medium |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | ||||
| CVE-2022-40771 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | 4.9 Medium |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | ||||