Export limit exceeded: 335258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335258 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6734 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7117 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7118 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7570 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. Affected by this issue is some unknown functionality of the file /goform/aspRemoteApConfTempSend. The manipulation of the argument remoteSrcTemp leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7571 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A vulnerability classified as critical has been found in UTT HiPER 840G up to 3.1.1-190328. This affects an unknown part of the file /goform/aspApBasicConfigUrcp. The manipulation of the argument Username leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8065 | 1 Tp-link | 4 Tapo, Tapo C200, Tapo C200 Firmware and 1 more | 2026-01-08 | 6.5 Medium |
| A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS). | ||||
| CVE-2025-14300 | 1 Tp-link | 4 Tapo, Tapo C200, Tapo C200 Firmware and 1 more | 2026-01-08 | 8.1 High |
| The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS). | ||||
| CVE-2025-14299 | 1 Tp-link | 4 Tapo, Tapo C200, Tapo C200 Firmware and 1 more | 2026-01-08 | 6.5 Medium |
| The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS). | ||||
| CVE-2025-10756 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A security flaw has been discovered in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of the argument tempName results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11305 | 1 Utt | 3 840g, 840g Firmware, Hiper 840g | 2026-01-08 | 8.8 High |
| A vulnerability has been found in UTT HiPER 840G up to 3.1.1-190328. Affected by this issue is the function strcpy of the file /goform/formTaskEdit. The manipulation of the argument txtMin2 leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25231 | 2026-01-08 | 8.4 High | ||
| devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot. | ||||
| CVE-2019-25259 | 2026-01-08 | 5.3 Medium | ||
| Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application. | ||||
| CVE-2019-25268 | 2026-01-08 | 9.8 Critical | ||
| NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code. | ||||
| CVE-2019-25282 | 2026-01-08 | 9.8 Critical | ||
| V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism. | ||||
| CVE-2019-25289 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 8.8 High |
| SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials. | ||||
| CVE-2019-25290 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 5.3 Medium |
| Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests. | ||||
| CVE-2019-25291 | 1 Inim | 1 Smartliving Smartlan | 2026-01-08 | 7.5 High |
| INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models. | ||||
| CVE-2025-15346 | 1 Wolfssl | 1 Wolfssl | 2026-01-08 | N/A |
| A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake. The issue affects versions up to and including 5.8.2. | ||||
| CVE-2023-2003 | 1 Unitronics | 2 Vision1210, Vision1210 Firmware | 2026-01-08 | 9.1 Critical |
| Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device. | ||||
| CVE-2024-2904 | 2 Extendthemes, Wordpress | 2 Calliope, Wordpress | 2026-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.33. | ||||