Export limit exceeded: 338066 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 338066 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338066 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31506 | 1 Getgrav | 1 Grav | 2025-06-16 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. | ||||
| CVE-2023-26999 | 1 Netscout | 1 Ngeniusone | 2025-06-16 | 9.8 Critical |
| An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | ||||
| CVE-2025-29401 | 1 Emlog | 1 Emlog | 2025-06-16 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-24567 | 1 Vyperlang | 1 Vyper | 2025-06-16 | 4.8 Medium |
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions. | ||||
| CVE-2024-0295 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-06-16 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-4961 | 1 Fuyanglipengjun | 1 Wetong Mall | 2025-06-16 | 5.5 Medium |
| A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243. | ||||
| CVE-2025-6109 | 2025-06-16 | 4.3 Medium | ||
| A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-28073 | 1 Phplist | 1 Phplist | 2025-06-16 | 6.1 Medium |
| phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized. | ||||
| CVE-2025-6169 | 2025-06-16 | 9.8 Critical | ||
| The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2025-28074 | 1 Phplist | 1 Phplist | 2025-06-16 | 6.1 Medium |
| phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript. | ||||
| CVE-2025-47816 | 1 Gnu | 1 Pspp | 2025-06-16 | 2.9 Low |
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. | ||||
| CVE-2024-0465 | 1 Code-projects | 1 Employee Profile Management System | 2025-06-16 | 3.5 Low |
| A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-21599 | 1 Juniper | 1 Junos | 2025-06-16 | 6.5 Medium |
| A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2. | ||||
| CVE-2024-0992 | 1 Tenda | 2 I6, I6 Firmware | 2025-06-16 | 7.2 High |
| A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4538 | 1 Keking | 1 Kkfileview | 2025-06-16 | 6.3 Medium |
| A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-33032 | 1 Qualcomm | 234 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 231 more | 2025-06-16 | 9.3 Critical |
| Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | ||||
| CVE-2024-1001 | 1 Totolink | 2 N200re, N200re Firmware | 2025-06-16 | 7.2 High |
| A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-44831 | 1 Engineercms Project | 1 Engineercms | 2025-06-16 | 9.8 Critical |
| EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. | ||||
| CVE-2025-45859 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-16 | 5.4 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the bandstr parameter in the formMapDelDevice interface. | ||||
| CVE-2024-24573 | 1 Facilemanager | 1 Facilemanager | 2025-06-16 | 8.8 High |
| facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges. | ||||