Search Results (335504 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51737 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2025-05-21 | 6.9 Medium |
| This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | ||||
| CVE-2024-50705 | 1 Uniguest | 1 Tripleplay | 2025-05-21 | 7.1 High |
| Unauthenticated reflected cross-site scripting (XSS) vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter. | ||||
| CVE-2025-1955 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-21 | 3.5 Low |
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3298 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-21 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8. | ||||
| CVE-2024-37605 | 1 Dlink | 2 Dir-860l, Dir-860l Firmware | 2025-05-21 | 6.5 Medium |
| A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2024-13868 | 1 Tahminajannat | 1 Url Shortener \| Conversion Tracking \| Ab Testing \| Woocommerce | 2025-05-21 | 6.1 Medium |
| The URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-36831 | 1 Dlink | 2 Dap-1520, Dap-1520 Firmware | 2025-05-21 | 5.3 Medium |
| A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. | ||||
| CVE-2021-28052 | 1 Hitachi | 1 Vantara | 2025-05-21 | 7.5 High |
| A tenant administrator in Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | ||||
| CVE-2022-40942 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2025-05-21 | 9.8 Critical |
| Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | ||||
| CVE-2022-40929 | 1 Xuxueli | 1 Xxl-job | 2025-05-21 | 9.8 Critical |
| XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users). | ||||
| CVE-2022-40878 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2025-05-21 | 8.8 High |
| In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). | ||||
| CVE-2022-40877 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2025-05-21 | 9.8 Critical |
| Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | ||||
| CVE-2022-40817 | 1 Zammad | 1 Zammad | 2025-05-21 | 4.3 Medium |
| Zammad 5.2.1 has a fine-grained permission model that allows configuring read-only access to tickets. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags, and related answers. This issue has been fixed in 5.2.2. | ||||
| CVE-2022-40816 | 1 Zammad | 1 Zammad | 2025-05-21 | 6.5 Medium |
| Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be able to fetch personal data of other users by querying the Zammad API. This issue is fixed in 5.2.2. | ||||
| CVE-2022-40497 | 1 Wazuh | 1 Wazuh | 2025-05-21 | 8.8 High |
| Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | ||||
| CVE-2022-40486 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2025-05-21 | 8.8 High |
| TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | ||||
| CVE-2022-40475 | 1 Totolink | 2 A860r, A860r Firmware | 2025-05-21 | 9.8 Critical |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | ||||
| CVE-2022-40354 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-05-21 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | ||||
| CVE-2022-40126 | 1 Clash Project | 1 Clash | 2025-05-21 | 7.8 High |
| A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | ||||
| CVE-2022-40083 | 1 Labstack | 1 Echo | 2025-05-21 | 9.6 Critical |
| Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). | ||||
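The listing above uses two table rows per CVE (a metadata row, then a description row whose trailing cells are empty), prefixes the vendor and product cells with an item count, and escapes literal pipes inside a cell as `\|`. That layout is tedious to triage by hand across thousands of hits. The following Python script is an added example and not code from the CVE database this page is rendered from: it parses that exact layout into records, checks the item counts against the comma-separated lists, and filters the result by CVSS score or by vendor. The embedded sample is a six-entry excerpt of the table above; the `CveRow` record and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: an excerpt of the search-result table above, in the site's own
# two-rows-per-CVE layout. Literal pipes inside a cell are escaped as \| .
SAMPLE_TABLE = r"""
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51737 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2025-05-21 | 6.9 Medium |
| This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Preshared Phrase parameter at its web interface. | ||||
| CVE-2024-37605 | 1 Dlink | 2 Dir-860l, Dir-860l Firmware | 2025-05-21 | 6.5 Medium |
| A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2024-13868 | 1 Tahminajannat | 1 Url Shortener \| Conversion Tracking \| Ab Testing \| Woocommerce | 2025-05-21 | 6.1 Medium |
| The URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape a parameter before outputting it back in the page. | ||||
| CVE-2024-36831 | 1 Dlink | 2 Dap-1520, Dap-1520 Firmware | 2025-05-21 | 5.3 Medium |
| A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. | ||||
| CVE-2022-40942 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2025-05-21 | 9.8 Critical |
| Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time. | ||||
| CVE-2022-40083 | 1 Labstack | 1 Echo | 2025-05-21 | 9.6 Critical |
| Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. | ||||
"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
COUNTED_LIST = re.compile(r"^(\d+)\s+(.*)$")          # "2 Cm5100, Cm5100 Firmware"
CVSS_CELL = re.compile(r"^(\d+(?:\.\d+)?)\s+(\w+)$")   # "6.9 Medium"


@dataclass
class CveRow:
    cve_id: str
    vendors: List[str]
    products: List[str]
    updated: str
    cvss: Optional[float]   # None when the cell carries no numeric score
    severity: str
    description: str


def split_cells(line: str) -> List[str]:
    """Split one markdown table row on unescaped pipes and unescape \\| inside cells."""
    body = line.strip()
    if not (body.startswith("|") and body.endswith("|")):
        raise ValueError(f"not a table row: {line!r}")
    cells = re.split(r"(?<!\\)\|", body[1:-1])
    return [c.replace("\\|", "|").strip() for c in cells]


def parse_counted_list(cell: str) -> List[str]:
    """'2 Cm5100, Cm5100 Firmware' -> ['Cm5100', 'Cm5100 Firmware'].
    If the leading count disagrees with the comma split, a name itself contained
    a comma, so the remainder is kept as a single item."""
    m = COUNTED_LIST.match(cell)
    if not m:
        return [cell] if cell else []
    count, rest = int(m.group(1)), m.group(2)
    items = [x.strip() for x in rest.split(",") if x.strip()]
    return items if len(items) == count else [rest.strip()]


def parse_table(text: str) -> List[CveRow]:
    """Walk the rows; a CVE row consumes the following row as its description."""
    rows: List[CveRow] = []
    lines = [l for l in text.splitlines() if l.strip()]
    i = 0
    while i < len(lines):
        cells = split_cells(lines[i])
        if cells and CVE_ID.match(cells[0]):
            if len(cells) != 5:
                raise ValueError(f"expected 5 cells in {lines[i]!r}")
            cve, vendors, products, updated, cvss_cell = cells
            m = CVSS_CELL.match(cvss_cell)
            score = float(m.group(1)) if m else None
            severity = m.group(2) if m else cvss_cell
            desc = ""
            if i + 1 < len(lines):
                nxt = split_cells(lines[i + 1])
                if nxt and not CVE_ID.match(nxt[0]):   # description row, not a new CVE
                    desc = nxt[0]
                    i += 1
            rows.append(CveRow(cve, parse_counted_list(vendors), parse_counted_list(products),
                               updated, score, severity, desc))
        i += 1   # header and separator rows fall through here
    return rows


def at_least(rows: List[CveRow], threshold: float) -> List[CveRow]:
    """Rows scored >= threshold, highest first; rows without a numeric score are excluded."""
    hits = [r for r in rows if r.cvss is not None and r.cvss >= threshold]
    return sorted(hits, key=lambda r: r.cvss, reverse=True)


def for_vendor(rows: List[CveRow], vendor: str) -> List[CveRow]:
    """Case-insensitive exact match against the parsed vendor list."""
    v = vendor.lower()
    return [r for r in rows if any(x.lower() == v for x in r.vendors)]


def summarize(rows: List[CveRow]) -> List[str]:
    return [f"{r.cve_id} {r.cvss} {r.severity}: {', '.join(r.products)}" for r in rows]


if __name__ == "__main__":
    parsed = parse_table(SAMPLE_TABLE)
    for line in summarize(at_least(parsed, 9.0)):
        print(line)
```

Run it as-is to list the critical entries in the excerpt; point `parse_table` at a saved copy of a full result page to triage a real export. The count check in `parse_counted_list` is what keeps a product name containing a comma from being split into two phantom products.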