Search Results (337337 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0212 | 1 Cloudflare | 1 Cloudflare | 2025-06-06 | 8.1 High |
| The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. | ||||
| CVE-2025-41362 | | | 2025-06-06 | N/A |
| Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission. | ||||
| CVE-2023-29048 | 1 Open-xchange | 1 Ox App Suite | 2025-06-06 | 8.8 High |
| A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known. | ||||
| CVE-2025-3322 | | | 2025-06-06 | N/A |
| An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. | ||||
| CVE-2025-5525 | 1 Jrohy | 1 Trojan | 2025-06-06 | 5.6 Medium |
| A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-49617 | 1 Machinesense | 2 Feverwarn, Feverwarn Firmware | 2025-06-06 | 10 Critical |
| The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication. | ||||
| CVE-2022-46852 | 1 Dotcamp | 1 Wp Table Builder | 2025-06-06 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions. | ||||
| CVE-2024-38894 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | 5.3 Medium |
| WAVLINK WN551K1 was found to have a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. | ||||
| CVE-2024-38892 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | 6.5 Medium |
| An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. | ||||
| CVE-2024-33373 | 1 Lb-link | 2 Bl-w1210m, Bl-w1210m Firmware | 2025-06-06 | 6.3 Medium |
| An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack. | ||||
| CVE-2024-38950 | 1 Struktur | 1 Libde265 | 2025-06-06 | 6.5 Medium |
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. | ||||
| CVE-2024-38949 | 1 Struktur | 1 Libde265 | 2025-06-06 | 6.5 Medium |
| Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc. | ||||
| CVE-2024-38895 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | 5.3 Medium |
| WAVLINK WN551K1's live_mfg.shtml enables attackers to obtain sensitive router information. | ||||
| CVE-2024-38896 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | 5.3 Medium |
| WAVLINK WN551K1 was found to have a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi. | ||||
| CVE-2025-3365 | | | 2025-06-06 | 9.8 Critical |
| A missing protection against path traversal allows access to any file on the server. | ||||
| CVE-2024-38897 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | 5.3 Medium |
| WAVLINK WN551K1's live_check.shtml enables attackers to obtain sensitive router information. | ||||
| CVE-2024-37662 | 1 Tp-link | 2 Tl-7dr5130, Tl-7dr5130 Firmware | 2025-06-06 | 6.3 Medium |
| TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. | ||||
| CVE-2024-37661 | 1 Tp-link | 2 Tl-7dr5130, Tl-7dr5130 Firmware | 2025-06-06 | 6.3 Medium |
| TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. | ||||
| CVE-2025-49326 | | | 2025-06-06 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5. | ||||
| CVE-2025-31000 | | | 2025-06-06 | 5.3 Medium |
| Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6. | ||||