Export limit exceeded: 336650 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336650 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44084 | 1 Dlink | 2 Di-8100, Di-8100g Firmware | 2025-05-30 | 9.8 Critical |
| D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. | ||||
| CVE-2024-28061 | 2025-05-30 | 6.3 Medium | ||
| An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file. | ||||
| CVE-2024-28060 | 1 Apiris | 1 Kafeo | 2025-05-30 | 7.3 High |
| An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed. | ||||
| CVE-2024-25676 | 1 Viewerjs | 1 Viewerjs | 2025-05-30 | 4.7 Medium |
| An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading. | ||||
| CVE-2023-51711 | 1 Regify | 1 Regipay | 2025-05-30 | 7.8 High |
| An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. | ||||
| CVE-2023-41103 | 1 Interactsoftware | 1 Interact | 2025-05-30 | 5.4 Medium |
| Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. | ||||
| CVE-2023-35792 | 1 Vound-software | 1 Intella Connect | 2025-05-30 | 5.4 Medium |
| Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). | ||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2025-05-30 | 6.1 Medium |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | ||||
| CVE-2023-31223 | 1 Dradisframework | 1 Dradis | 2025-05-30 | 8.7 High |
| Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | ||||
| CVE-2023-29505 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. | ||||
| CVE-2023-28152 | 1 Independentsoft | 1 Jword | 2025-05-30 | 5.3 Medium |
| An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | ||||
| CVE-2023-28151 | 1 Independentsoft | 1 Jspreadsheet | 2025-05-30 | 5.3 Medium |
| An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | ||||
| CVE-2023-28150 | 1 Independentsoft | 1 Jodf | 2025-05-30 | 5.3 Medium |
| An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | ||||
| CVE-2023-26098 | 1 Telindus | 1 Apsal | 2025-05-30 | 8.2 High |
| An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | ||||
| CVE-2023-26097 | 1 Telindus | 1 Apsal | 2025-05-30 | 8.4 High |
| An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | ||||
| CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | ||||
| CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | ||||
| CVE-2022-45165 | 1 Archibus | 1 Web Central | 2025-05-30 | 6.5 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection. | ||||
| CVE-2022-45164 | 1 Archibus | 1 Archibus Web Central | 2025-05-30 | 4.3 Medium |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | ||||
| CVE-2022-38482 | 1 Mega | 1 Hopex | 2025-05-30 | 4.3 Medium |
| A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. | ||||