Export limit exceeded: 336056 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336056 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48279 | 1 S-sols | 1 Seraphinite Post .docx Source | 2025-06-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source allows Cross Site Request Forgery.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.6. | ||||
| CVE-2025-5154 | 1 Phonepe | 1 Phonepe | 2025-06-03 | 2.3 Low |
| A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32813 | 1 Infoblox | 1 Netmri | 2025-06-03 | 7.2 High |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. | ||||
| CVE-2023-6420 | 1 Aatifaneeq | 1 Voovi | 2025-06-03 | 6.5 Medium |
| A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the browser session of an authenticated user. | ||||
| CVE-2025-44892 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | 6.5 Medium |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function. | ||||
| CVE-2025-44895 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-06-03 | 6.5 Medium |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function. | ||||
| CVE-2025-27997 | 1 Blizzard | 1 Battle.net | 2025-06-03 | 8.4 High |
| An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. | ||||
| CVE-2024-41339 | 1 Draytek | 40 Vigor165, Vigor165 Firmware, Vigor166 and 37 more | 2025-06-03 | 8.8 High |
| An issue in the CGI endpoint used to upload configurations in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload a crafted kernel module, allowing for arbitrary code execution. | ||||
| CVE-2025-44083 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-06-03 | 9.8 Critical |
| An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication | ||||
| CVE-2024-54188 | 1 Infoblox | 1 Netmri | 2025-06-03 | 5.3 Medium |
| Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access. | ||||
| CVE-2024-41340 | 1 Draytek | 40 Vigor165, Vigor165 Firmware, Vigor166 and 37 more | 2025-06-03 | 8.4 High |
| An issue in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to upload crafted APP Enforcement modules, leading to arbitrary code execution. | ||||
| CVE-2023-5966 | 1 Espocrm | 1 Espocrm | 2025-06-03 | 9.1 Critical |
| An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution. | ||||
| CVE-2024-41592 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-03 | 8 High |
| DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. | ||||
| CVE-2023-6428 | 1 Bigprof | 1 Online Invoicing System | 2025-06-03 | 6.3 Medium |
| A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads. | ||||
| CVE-2023-46086 | 1 Servit | 1 Affiliate-toolkit | 2025-06-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin allows Reflected XSS.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.4.3. | ||||
| CVE-2023-48272 | 1 Wpmaspik | 1 Maspik | 2025-06-03 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2. | ||||
| CVE-2023-34388 | 1 Selinc | 2 Sel-451, Sel-451 Firmware | 2025-06-03 | 6.5 Medium |
| An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | ||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2025-06-03 | 7.5 High |
| In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | ||||
| CVE-2024-0579 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-03 | 6.3 Medium |
| A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32814 | 1 Infoblox | 1 Netmri | 2025-06-03 | 9.8 Critical |
| An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur. | ||||