Export limit exceeded: 329862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (329862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7418 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7419 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7420 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7408 | 2 Pushpam02, Sourcecodester | 2 Zoo Management System, Zoo Management System | 2025-07-16 | 3.5 Low |
| A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6674 | 1 Gabderrahim | 1 Ckeditor5 Youtube | 2025-07-16 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3. | ||||
| CVE-2025-20924 | 1 Samsung | 1 Notes | 2025-07-16 | 4.6 Medium |
| Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2025-20925 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory. | ||||
| CVE-2025-20927 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. | ||||
| CVE-2025-5234 | 1 Jegstudio | 1 Gutenverse News | 2025-07-16 | 6.4 Medium |
| The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-20928 | 2 Samsung, Samsung Mobile | 2 Notes, Samsung Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. | ||||
| CVE-2025-5490 | 1 Antoineh | 1 Football Pool | 2025-07-16 | 5.5 Medium |
| The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2025-4774 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-07-16 | 6.4 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-38459 | 1 Langchain | 2 Langchain-experimental, Langchain Experimental | 2025-07-16 | 7.8 High |
| langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. | ||||
| CVE-2025-31070 | 2025-07-16 | 7.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup HTML5 Radio Player - WPBakery Page Builder Addon allows Path Traversal. This issue affects HTML5 Radio Player - WPBakery Page Builder Addon: from n/a through 2.5. | ||||
| CVE-2025-31055 | 2025-07-16 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress allows Reflected XSS. This issue affects Electrician - Electrical Service WordPress: from n/a through 1.0. | ||||
| CVE-2025-30973 | 2025-07-16 | 9.8 Critical | ||
| Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a through 1.4.3. | ||||
| CVE-2024-3648 | 1 Sharethis | 1 Sharethis Share Buttons | 2025-07-16 | 6.4 Medium |
| The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-4577 | 1 Wpbeginner | 1 Smash Balloon Social Post Feed | 2025-07-16 | 6.4 Medium |
| The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-34085 | 2025-07-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36847. | ||||
| CVE-2025-34084 | 2025-07-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36848. | ||||