Export limit exceeded: 338063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52771 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | 9.1 Critical |
| DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. | ||||
| CVE-2024-52770 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-52769 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | 7.2 High |
| An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2025-26846 | 1 Znuny | 1 Znuny | 2025-06-13 | 9.8 Critical |
| An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. | ||||
| CVE-2025-44830 | 1 Engineercms Project | 1 Engineercms | 2025-06-13 | 9.8 Critical |
| EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. | ||||
| CVE-2025-45779 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-13 | 9.8 Critical |
| Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter. | ||||
| CVE-2025-44175 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-06-13 | 5.4 Medium |
| Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function. | ||||
| CVE-2024-34243 | 1 Pantsel | 1 Konga | 2025-06-13 | 5.4 Medium |
| Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. | ||||
| CVE-2024-34250 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-06-13 | 6.2 Medium |
| A heap buffer overflow vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause at least a denial of service via the "wasm_loader_check_br" function in core/iwasm/interpreter/wasm_loader.c. | ||||
| CVE-2024-34251 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-06-13 | 7.5 High |
| An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h. | ||||
| CVE-2025-46837 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 8.7 High |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | ||||
| CVE-2025-44868 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2025-06-13 | 9.8 Critical |
| Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the ping_test function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2025-46838 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46841 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46842 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46843 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-54780 | 1 Netgate | 2 Pfsense Ce, Pfsense Plus | 2025-06-13 | 8.8 High |
| Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter. | ||||
| CVE-2025-46844 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46845 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-46846 | 1 Adobe | 1 Experience Manager | 2025-06-13 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||