Latest CVE Feed
-
6.4
MEDIUMCVE-2024-2868
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slitems parameter in the WL Special Day Offer Widget in all ver... Read more
- Published: Apr. 04, 2024
- Modified: Aug. 27, 2025
-
6.1
MEDIUMCVE-2024-2822
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the atta... Read more
Affected Products : dedecms- Published: Mar. 22, 2024
- Modified: Aug. 27, 2025
-
6.1
MEDIUMCVE-2024-2821
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. T... Read more
Affected Products : dedecms- Published: Mar. 22, 2024
- Modified: Aug. 27, 2025
-
4.4
MEDIUMCVE-2024-2689
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left u... Read more
Affected Products :- Published: Apr. 03, 2024
- Modified: Aug. 27, 2025
-
6.8
MEDIUMCVE-2024-2654
The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read th... Read more
- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
6.4
MEDIUMCVE-2024-2423
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.2.6 due to... Read more
Affected Products : userswp- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
6.4
MEDIUMCVE-2024-2348
The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : gum_elementor_addon- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
6.1
MEDIUMCVE-2024-2200
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This ... Read more
Affected Products : contact_form- Published: Apr. 09, 2024
- Modified: Aug. 27, 2025
-
5.9
MEDIUMCVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and se... Read more
Affected Products : enterprise_linux fedora debian_linux openssh openshift_container_platform macos filezilla_client ceph_storage freebsd keycloak +59 more products- Published: Dec. 18, 2023
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.... Read more
Affected Products : snapcenter e-series_santricity_os_controller e-series_santricity_web_services storage_replication_adapter_for_clustered_data_ontap vasa_provider_for_clustered_data_ontap communications_cloud_native_core_policy autovue_for_agile_product_lifecycle_management communications_services_gatekeeper communications_session_report_manager communications_session_route_manager +11 more products- Published: Apr. 01, 2021
- Modified: Aug. 27, 2025
-
8.3
HIGHCVE-2021-20190
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.... Read more
- Published: Jan. 19, 2021
- Modified: Aug. 27, 2025
-
7.5
HIGHCVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.... Read more
Affected Products : debian_linux active_iq_unified_manager weblogic_server peoplesoft_enterprise_peopletools oncommand_insight oncommand_workflow_automation communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function primavera_unifier communications_cloud_native_core_unified_data_repository +26 more products- Published: Mar. 11, 2022
- Modified: Aug. 27, 2025
-
8.1
HIGHCVE-2020-35728
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jst... Read more
Affected Products : debian_linux communications_policy_management data_integrator retail_customer_management_and_segmentation_foundation primavera_unifier application_testing_suite goldengate_application_adapters jd_edwards_enterpriseone_tools communications_cloud_native_core_unified_data_repository retail_xstore_point_of_service +30 more products- Published: Dec. 27, 2020
- Modified: Aug. 27, 2025
-
8.1
HIGHCVE-2020-14061
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle... Read more
Affected Products : debian_linux active_iq_unified_manager steelstore_cloud_integrated_storage jackson-databind agile_plm autovue_for_agile_product_lifecycle_management communications_diameter_signaling_router communications_evolved_communications_application_server communications_instant_messaging_server communications_session_report_manager +5 more products- Published: Jun. 14, 2020
- Modified: Aug. 27, 2025
-
5.9
MEDIUMCVE-2019-12814
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the c... Read more
- Published: Jun. 19, 2019
- Modified: Aug. 27, 2025
-
9.8
CRITICALCVE-2017-17485
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the re... Read more
- Published: Jan. 10, 2018
- Modified: Aug. 27, 2025
-
8.8
HIGHCVE-2025-2338
A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploi... Read more
Affected Products : matio- Published: Mar. 16, 2025
- Modified: Aug. 27, 2025
-
9.8
CRITICALCVE-2024-11121
A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of t... Read more
Affected Products : lingdang_crm- Published: Nov. 12, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2024-21784
Uncontrolled search path for some Intel(R) IPP Cryptography software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more
- Published: Aug. 14, 2024
- Modified: Aug. 27, 2025
-
7.6
HIGHCVE-2024-5746
A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker with the Site Administrator role to gain arbitrary code execution capability on the GitHub Enterprise Server instance. Exploitation required au... Read more
Affected Products : enterprise_server- Published: Jun. 20, 2024
- Modified: Aug. 27, 2025