Export limit exceeded: 335439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335439 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48527 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-05-21 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2023-45115 | 1 Projectworlds | 1 Online Examination System | 2025-05-21 | 8.8 High |
| Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-33110 | 1 Qualcomm | 246 Snapdragon 425 Mobile Platform, Snapdragon 425 Mobile Platform Firmware, Snapdragon 427 Mobile Platform and 243 more | 2025-05-21 | 7.8 High |
| The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | ||||
| CVE-2023-33033 | 1 Qualcomm | 528 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 525 more | 2025-05-21 | 8.4 High |
| Memory corruption in Audio during playback with speaker protection. | ||||
| CVE-2025-4901 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 4.3 Medium |
| A vulnerability classified as problematic was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this vulnerability is the function sub_41E304 of the file /H5/state_view.data of the component HTTP Endpoint. The manipulation leads to information disclosure. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4756 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 5.3 Medium |
| A vulnerability was found in D-Link DI-7003GV2 24.04.18D1 R(68125). It has been declared as problematic. This vulnerability affects unknown code of the file /H5/restart.asp. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4902 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-21 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected by this issue is the function sub_48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3878 | 1 Cozyvision | 1 Sms Alert Order Notifications | 2025-05-21 | 6.4 Medium |
| The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-3876 | 1 Cozyvision | 1 Sms Alert Order Notifications | 2025-05-21 | 8.8 High |
| The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in all versions up to, and including, 3.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impersonate any account by supplying its username or email and elevate their privileges to that of an administrator. | ||||
| CVE-2024-48150 | 2 D-link, Dlink | 3 Dir-820l, Dir-820l, Dir-820l Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function. | ||||
| CVE-2025-4911 | 1 Phpgurukul | 1 Zoo Management System | 2025-05-21 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-36832 | 1 Dlink | 2 Dap-1513, Dap-1513 Firmware | 2025-05-21 | 7.5 High |
| A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device. | ||||
| CVE-2024-44411 | 2 D-link, Dlink | 3 Di-8300, Di-8300, Di-8300 Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | ||||
| CVE-2024-57045 | 1 Dlink | 2 Dir-859 A3, Dir-859 A3 Firmware | 2025-05-21 | 9.8 Critical |
| A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page. | ||||
| CVE-2024-34950 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. | ||||
| CVE-2024-33111 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-05-21 | 5.4 Medium |
| D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | ||||
| CVE-2024-33112 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | ||||
| CVE-2024-33113 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 5.3 Medium |
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | ||||
| CVE-2024-33110 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 9.1 Critical |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | ||||
| CVE-2025-4925 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-05-21 | 7.3 High |
| A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||