Search Results (336892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5367 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-06-03 | 7.3 High |
| A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32228 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 6.6 Medium |
| FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. | ||||
| CVE-2025-5368 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5373 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-06-03 | 6.3 Medium |
| A vulnerability has been found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This vulnerability affects unknown code of the file /admin/users-applications.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5374 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0 and classified as critical. This issue affects some unknown processing of the file /admin/all-applications.php. The manipulation of the argument del leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-32229 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.4 High |
| FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. | ||||
| CVE-2025-5375 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-06-03 | 6.3 Medium |
| A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/registered-users.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-43843 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-06-03 | 7.3 High |
| Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to read user and administrator accounts passwords via HTTP GET request. | ||||
| CVE-2023-43842 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-06-03 | 7.3 High |
| Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request. | ||||
| CVE-2024-23059 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | ||||
| CVE-2024-22942 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-03 | 9.8 Critical |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | ||||
| CVE-2024-22164 | 1 Splunk | 1 Enterprise Security | 2025-06-03 | 4.3 Medium |
| In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | ||||
| CVE-2024-21773 | 1 Tp-link | 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more | 2025-06-03 | 8.8 High |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | ||||
| CVE-2024-21732 | 1 Flycms Project | 1 Flycms | 2025-06-03 | 6.1 Medium |
| FlyCms through abbaa5a allows XSS via the permission management feature. | ||||
| CVE-2024-20805 | 1 Samsung | 2 Android, Myfiles | 2025-06-03 | 3.3 Low |
| Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | ||||
| CVE-2024-0333 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-03 | 5.3 Medium |
| Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-6984 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2025-06-03 | 5.3 Medium |
| The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6830 | 1 Strategy11 | 1 Formidable Form Builder | 2025-06-03 | 6.5 Medium |
| The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites. | ||||
| CVE-2023-6600 | 1 Daan | 1 Omgf | 2025-06-03 | 8.6 High |
| The OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched. | ||||
| CVE-2023-6551 | 1 Verot | 1 Class.upload.php | 2025-06-03 | 5.4 Medium |
| As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. | ||||