Export limit exceeded: 20741 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20741 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60561 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail. | ||||
| CVE-2025-60562 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. | ||||
| CVE-2025-60564 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog. | ||||
| CVE-2025-60565 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-28 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. | ||||
| CVE-2025-12241 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-28 | 8.8 High |
| A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This impacts the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. The manipulation of the argument lang results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-60563 | 2 D-link, Dlink | 3 Dir-600l, Dir-600l, Dir-600l Firmware | 2025-10-27 | 7.5 High |
| D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr. | ||||
| CVE-2025-60729 | 1 Perfree | 1 Perfreeblog | 2025-10-27 | 5.3 Medium |
| PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function | ||||
| CVE-2025-11576 | 2 Newcodebyte, Wordpress | 2 Ai Chatbot Free Models, Wordpress | 2025-10-27 | 4.3 Medium |
| The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5. This is due to insufficient sanitization in the 'newcodebyte_chatbot_export_messages' function. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2025-12249 | 1 Axosoft | 1 Scrum And Bug Tracking | 2025-10-27 | 6.3 Medium |
| A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12240 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-27 | 8.8 High |
| A security vulnerability has been detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-12239 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-10-27 | 8.8 High |
| A weakness has been identified in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Executing manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-55081 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-27 | 9.1 Critical |
| In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside of the expected range, it could cause an out-of-bound read. | ||||
| CVE-2025-61863 | 1 Fujielectric | 2 Monitouch V-sft, V-sft | 2025-10-27 | 7.8 High |
| An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | ||||
| CVE-2025-61862 | 1 Fujielectric | 2 Monitouch V-sft, V-sft | 2025-10-27 | 7.8 High |
| An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | ||||
| CVE-2025-61861 | 1 Fujielectric | 2 Monitouch V-sft, V-sft | 2025-10-27 | 7.8 High |
| An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | ||||
| CVE-2025-61860 | 1 Fujielectric | 2 Monitouch V-sft, V-sft | 2025-10-27 | 7.8 High |
| An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | ||||
| CVE-2025-61856 | 1 Fujielectric | 2 Monitouch V-sft, V-sft | 2025-10-27 | 7.8 High |
| A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution. | ||||
| CVE-2023-23376 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-10-27 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-33010 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2025-10-27 | 9.8 Critical |
| A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | ||||
| CVE-2025-60339 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-10-27 | 7.5 High |
| Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the schedStartTime and schedEndTime parameters. | ||||