Search Results (336222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25909 | | | 2025-05-28 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2022-25870 | | | 2025-05-28 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2022-25868 | | | 2025-05-28 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2022-24067 | | | 2025-05-28 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2025-1845 | 1 Esafenet | 1 Dsm | 2025-05-28 | 6.3 Medium |
| A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Affected by this vulnerability is the function examExportPDF of the file /admin/plan/examExportPDF. The manipulation of the argument s leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1844 | 1 Esafenet | 1 Cdg | 2025-05-28 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. Affected is an unknown function of the file /CDGServer3/logManagement/backupLogDetail.jsp. The manipulation of the argument logTaskId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0348 | 1 Campcodes | 1 Deped Equipment Inventory System | 2025-05-28 | 3.5 Low |
| A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4815 | 1 Campcodes | 1 Sales And Inventory System | 2025-05-28 | 7.3 High |
| A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/supplier_update.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-41550 | 1 Campcodes | 1 Supplier Management System | 2025-05-28 | 7.2 High |
| CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_invoice_items.php?id= . | ||||
| CVE-2025-1841 | 1 Esafenet | 1 Cdg | 2025-05-28 | 7.3 High |
| A vulnerability classified as critical has been found in ESAFENET CDG 5.6.3.154.205. This affects an unknown part of the file /CDGServer3/logManagement/ClientSortLog.jsp. The manipulation of the argument startDate/endDate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-51138 | 1 Draytek | 46 Vigor1000b, Vigor1000b Firmware, Vigor2133 and 43 more | 2025-05-28 | 9.8 Critical |
| Vigor165/166 4.2.7 and earlier; Vigor2620/LTE200 3.9.8.9 and earlier; Vigor2860/2925 3.9.8 and earlier; Vigor2862/2926 3.9.9.5 and earlier; Vigor2133/2762/2832 3.9.9 and earlier; Vigor2135/2765/2766 4.4.5. and earlier; Vigor2865/2866/2927 4.4.5.3 and earlier; Vigor2962 4.3.2.8 and earlier; Vigor3912 4.3.6.1 and earlier; Vigor3910 4.4.3.1 and earlier: a stack-based buffer overflow vulnerability has been identified in the URL parsing functionality of the TR069 STUN server. This flaw occurs due to insufficient bounds checking on the number of URL parameters, allowing an attacker to exploit the overflow by sending a maliciously crafted request. Consequently, a remote attacker can execute arbitrary code with elevated privileges. | ||||
| CVE-2024-51139 | 1 Draytek | 46 Vigor1000b, Vigor1000b Firmware, Vigor2133 and 43 more | 2025-05-28 | 9.8 Critical |
| Buffer Overflow vulnerability in Vigor2620/LTE200 3.9.8.9 and earlier and Vigor2860/2925 3.9.8 and earlier and Vigor2862/2926 3.9.9.5 and earlier and Vigor2133/2762/2832 3.9.9 and earlier and Vigor165/166 4.2.7 and earlier and Vigor2135/2765/2766 4.4.5.1 and earlier and Vigor2865/2866/2927 4.4.5.3 and earlier and Vigor2962/3910 4.3.2.8/4.4.3.1 and earlier and Vigor3912 4.3.6.1 and earlier allows a remote attacker to execute arbitrary code via the CGI parser's handling of the "Content-Length" header of HTTP POST requests. | ||||
| CVE-2023-6512 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-28 | 6.5 Medium |
| Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-49493 | 1 Dedecms | 1 Dedecms | 2025-05-28 | 6.1 Medium |
| DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | ||||
| CVE-2023-49437 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-05-28 | 9.8 Critical |
| Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | ||||
| CVE-2023-49404 | 1 Tenda | 2 W30e, W30e Firmware | 2025-05-28 | 9.8 Critical |
| Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. | ||||
| CVE-2023-49246 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-28 | 7.5 High |
| Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-48834 | 1 Phpjabbers | 1 Car Rental Script | 2025-05-28 | 7.5 High |
| A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | ||||
| CVE-2023-46307 | 1 Buddho | 1 Etcd Browser | 2025-05-28 | 7.5 High |
| An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. | ||||
| CVE-2023-45210 | 1 Pleasanter | 1 Pleasanter | 2025-05-28 | 4.3 Medium |
| Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. | ||||