Search Results (335868 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36604 | 1 Hapijs | 1 Hoek | 2025-05-27 | 8.1 High |
| hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. | ||||
| CVE-2018-16153 | 1 Apereo | 1 Opencast | 2025-05-27 | 7.5 High |
| An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | ||||
| CVE-2015-8314 | 1 Heartcombo | 1 Devise | 2025-05-27 | 7.5 High |
| The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | ||||
| CVE-2023-28523 | 1 Ibm | 2 Informix Dynamic Server, Informix Dynamic Server On Cloud Pak For Data | 2025-05-27 | 8.4 High |
| IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. | ||||
| CVE-2023-6646 | 1 Sissbruecker | 1 Linkding | 2025-05-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. | ||||
| CVE-2023-6655 | 1 Hrp2000 | 1 E-hr | 2025-05-27 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-27774 | 1 Hcltech | 1 Hcl Digital Experience | 2025-05-27 | 3.1 Low |
| User input included in error response, which could be used in a phishing attack. | ||||
| CVE-2023-32975 | 1 Qnap | 2 Qts, Quts Hero | 2025-05-27 | 4.9 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.2.2534 build 20230927 and later. | ||||
| CVE-2022-37232 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2025-05-27 | 9.8 Critical |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | ||||
| CVE-2025-41378 | | | 2025-05-27 | N/A |
| The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel. | ||||
| CVE-2025-48286 | | | 2025-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209. | ||||
| CVE-2025-48283 | | | 2025-05-27 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0. | ||||
| CVE-2023-44857 | 1 Cobham | 3 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor Vsat Ku | 2025-05-27 | 8.1 High |
| An issue in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. | ||||
| CVE-2025-48271 | | | 2025-05-27 | 6.5 Medium |
| Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1. | ||||
| CVE-2025-48245 | | | 2025-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form: from n/a through 8.2.1. | ||||
| CVE-2025-48241 | | | 2025-05-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3. | ||||
| CVE-2025-47690 | | | 2025-05-27 | 8.8 High |
| Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1. | ||||
| CVE-2025-46631 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 6.5 Medium |
| Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allow an unauthenticated remote attacker to enable telnet access to the router's OS by sending a /goform/telnet web request. | ||||
| CVE-2025-46630 | 1 Tenda | 2 Rx2 Pro, Rx2 Pro Firmware | 2025-05-27 | 6.5 Medium |
| Improper access controls in the web management portal of the Tenda RX2 Pro 16.03.30.14 allow an unauthenticated remote attacker to enable 'ate' (a remote system management binary) by sending a /goform/ate web request. | ||||
| CVE-2023-44854 | 1 Cobham | 2 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware | 2025-05-27 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the c_set_rslog_decode function in the acu_web file. | ||||