Export limit exceeded: 339080 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339080 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26023 | 2 Buffalo, Buffalo Inc | 15 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-1166dhp and 12 more | 2025-06-30 | 4.2 Medium |
| OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. | ||||
| CVE-2024-29190 | 2 Mobsf, Opensecurity | 2 Mobile Security Framework, Mobile Security Framework | 2025-06-30 | 7.5 High |
| Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. | ||||
| CVE-2014-2217 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2025-06-30 | N/A |
| Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. | ||||
| CVE-2019-19790 | 2 Progress, Telerik | 2 Telerik Ui For Asp.net Ajax, Radchart | 2025-06-30 | 9.8 Critical |
| Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler). | ||||
| CVE-2021-28141 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2025-06-30 | 9.8 Critical |
| An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a "true" command was executed on the server, and the request's output does not leak any private source code or data from the server | ||||
| CVE-2024-31215 | 1 Opensecurity | 1 Mobile Security Framework | 2025-06-30 | 6.3 Medium |
| Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8. | ||||
| CVE-2024-23486 | 2 Buffalo, Buffalo Inc | 11 A2533dhp2, Wsr-2533dhp, Wsr-2533dhp2 and 8 more | 2025-06-30 | 9.8 Critical |
| Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. | ||||
| CVE-2024-24795 | 7 Apache, Apple, Broadcom and 4 more | 8 Http Server, Macos, Fabric Operating System and 5 more | 2025-06-30 | 6.3 Medium |
| HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue. | ||||
| CVE-2024-3117 | 1 Youdiancms | 1 Youdiancms | 2025-06-30 | 4.7 Medium |
| A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. This vulnerability affects unknown code of the file App\Lib\Action\Admin\ChannelAction.class.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28288 | 1 Ruijie | 2 Rg-nbr700gw, Rg-nbr700gw Firmware | 2025-06-30 | 9.8 Critical |
| Ruijie RG-NBR700GW 10.3(4b12) router lacks cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can use this vulnerability to log in to the device and disrupt the business of the enterprise. | ||||
| CVE-2024-29316 | 1 Nodebb | 1 Nodebb | 2025-06-30 | 6.3 Medium |
| NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. | ||||
| CVE-2024-30161 | 1 Qt | 1 Qt | 2025-06-30 | 6.5 Medium |
| In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.) | ||||
| CVE-2023-41313 | 1 Apache | 1 Doris | 2025-06-30 | 9.8 Critical |
| The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue. | ||||
| CVE-2024-1936 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Thunderbird, Enterprise Linux and 4 more | 2025-06-30 | 7.5 High |
| The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1. | ||||
| CVE-2025-5951 | 2025-06-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-6664 | 1 Codeastro | 1 Patient Record Management System | 2025-06-28 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-53388 | 2025-06-28 | N/A | ||
| Not used | ||||
| CVE-2025-53387 | 2025-06-28 | N/A | ||
| Not used | ||||
| CVE-2025-53386 | 2025-06-28 | N/A | ||
| Not used | ||||
| CVE-2025-53385 | 2025-06-28 | N/A | ||
| Not used | ||||