Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

CVE güvenlik açıkları, KEV etiketleri, detay sayfaları ve kategori bazlı listeleme.
Toplam kayıt70,903
Sayfa3398 / 3546
FiltreYok
Medium CVSS: 4.3 Yayın: 2025-01-21 18:15:17

CVE-2025-23996

CWE-352
Cross-Site Request Forgery (CSRF) vulnerability in AnyRoad AnyRoad anyguide allows Cross Site Request Forgery.This issue affects AnyRoad: from n/a through
High CVSS: 7.1 Yayın: 2025-01-21 18:15:17

CVE-2025-23994

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings estatebud-properties-listings allows Stored XSS.This issue affects Estatebud – Properties & Listings: fr…
High CVSS: 7.1 Yayın: 2025-01-21 18:15:17

CVE-2025-23580

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matthew BizLibrary bizlibrary allows Reflected XSS.This issue affects BizLibrary: from n/a through
High CVSS: 7.1 Yayın: 2025-01-21 18:15:16

CVE-2025-23551

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in razvypp SexBundle sexbundle allows Reflected XSS.This issue affects SexBundle: from n/a through
High CVSS: 7.1 Yayın: 2025-01-21 18:15:16

CVE-2025-23489

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Messenlehner WP-Announcements wp-announcements allows Reflected XSS.This issue affects WP-Announcements: from n/a through
High CVSS: 8.2 Yayın: 2025-01-21 18:15:16

CVE-2025-23477

CWE-862
Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Realty Workstation: from n/a through
High CVSS: 7.1 Yayın: 2025-01-21 18:15:16

CVE-2025-23461

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xkollsoftware Social2Blog social2blog allows Reflected XSS.This issue affects Social2Blog: from n/a through
High CVSS: 7.1 Yayın: 2025-01-21 18:15:16

CVE-2025-23454

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in flashmaniac Nature FlipBook vertical-diamond-flipbook-flash allows Reflected XSS.This issue affects Nature FlipBook: from n/a through
Medium CVSS: 4.3 Yayın: 2025-01-21 18:15:16

CVE-2025-22722

CWE-862
Missing Authorization vulnerability in Marketing Fire Widget Options widget-options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through
Medium CVSS: 4.3 Yayın: 2025-01-21 18:15:15

CVE-2025-22721

CWE-862
Missing Authorization vulnerability in Farhan Noor ApplyOnline apply-online allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline: from n/a through
Medium CVSS: 6.5 Yayın: 2025-01-21 18:15:15

CVE-2025-22661

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Payments – Get Paid with PayPal, Square & Stripe paypal-payment-button-by-vcita allows Stored XSS.This issue affects Online Payments –…
Medium CVSS: 5.9 Yayın: 2025-01-21 18:15:15

CVE-2025-22276

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enguerranws Related Post Shortcode related-post-shortcode allows Stored XSS.This issue affects Related Post Shortcode: from n/a through
Medium CVSS: 6.5 Yayın: 2025-01-21 18:15:15

CVE-2025-22267

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweaver Weaver Themes Shortcode Compatibility weaver-themes-shortcode-compatibility allows Stored XSS.This issue affects Weaver Themes Shortcode Co…
Medium CVSS: 6.8 Yayın: 2025-01-21 18:15:14

CVE-2025-22150

CWE-330
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predi…
Medium CVSS: 5.4 Yayın: 2025-01-21 18:15:14

CVE-2024-54795

Eng Spagobi CWE-79
SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.
Critical CVSS: 9.1 Yayın: 2025-01-21 18:15:14

CVE-2024-54794

Eng Spagobi CWE-77
The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.
Medium CVSS: 6.1 Yayın: 2025-01-21 18:15:14

CVE-2024-54792

Eng Spagobi CWE-352
A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in, like adding, e…
High CVSS: 7.6 Yayın: 2025-01-21 17:15:16

CVE-2025-24018

Yeswiki Yeswiki CWE-79
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is lo…
Unknown CVSS: - Yayın: 2025-01-21 17:15:16

CVE-2025-0623

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Low CVSS: 2.4 Yayın: 2025-01-21 17:15:14

CVE-2024-45687

CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulat…