Export limit exceeded: 338519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 338519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48748 | 1 Netwrix | 1 Directory Manager | 2025-06-23 | 10 Critical |
| Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. | ||||
| CVE-2025-1378 | 1 Radare | 1 Radare2 | 2025-06-23 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the component rasm2. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0.0 is able to address this issue. The patch is identified as c6c772d2eab692ce7ada5a4227afd50c355ad545. It is recommended to upgrade the affected component. | ||||
| CVE-2025-45855 | 1 Erupt | 1 Erupt | 2025-06-23 | 5.4 Medium |
| An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2025-27531 | 1 Apache | 1 Inlong | 2025-06-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue. | ||||
| CVE-2025-5875 | 1 Tp-link | 2 Tl-ipc544ep-w4, Tl-ipc544ep-w4 Firmware | 2025-06-23 | 8.8 High |
| A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-45001 | 1 Numan | 1 React-native-keys | 2025-06-23 | 7.5 High |
| react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools. | ||||
| CVE-2025-45002 | 1 Codervivek | 1 Vigybag | 2025-06-23 | 5.4 Medium |
| Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. | ||||
| CVE-2025-52542 | 2025-06-23 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-49080 | 1 Absolute | 1 Secure Access | 2025-06-23 | 7.5 High |
| There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack requirements, privileges, or user interaction required. Loss of availability is high; there is no impact on confidentiality or integrity. | ||||
| CVE-2024-40570 | 1 Seacms | 1 Seacms | 2025-06-23 | 6.5 Medium |
| SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component. | ||||
| CVE-2025-29659 | 1 Yiiot | 2 Xy-3820, Xy-3820 Firmware | 2025-06-23 | 9.8 Critical |
| Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary. | ||||
| CVE-2025-29660 | 1 Yiiot | 2 Xy-3820, Xy-3820 Firmware | 2025-06-23 | 9.8 Critical |
| A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traversal techniques. | ||||
| CVE-2025-28102 | 1 Dogukanurker | 1 Flaskblog | 2025-06-23 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost. | ||||
| CVE-2024-57394 | 1 Qianxin | 1 Tianqing Endpoint Security Management System | 2025-06-23 | 8.8 High |
| The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows user to restore a malicious file to an arbitrary file path. Attackers can write malicious DLL to system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities. | ||||
| CVE-2025-27086 | 1 Hpe | 1 Performance Cluster Manager | 2025-06-23 | 8.1 High |
| A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication. | ||||
| CVE-2025-3841 | 1 Wix | 1 Jam | 2025-06-23 | 3.3 Low |
| A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-29756 | 2025-06-23 | N/A | ||
| SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices. | ||||
| CVE-2021-38487 | 1 Rti | 3 Connext Dds Micro, Connext Professional, Connext Secure | 2025-06-23 | 8.2 High |
| RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. | ||||
| CVE-2025-46991 | 1 Adobe | 2 Adobe Experience Manager, Experience Manager | 2025-06-23 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-5973 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-06-23 | 2.4 Low |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-table.php. The manipulation of the argument tableno leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||