Export limit exceeded: 16519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51951 | 1 Andisearch | 1 Andisearch | 2025-08-06 | 6.1 Medium |
| andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2025-50777 | 1 Aziot | 2 2mp Full Hd Smart Wi-fi Cctv Home Security Camera, 2mp Full Hd Smart Wi-fi Cctv Home Security Camera Firmware | 2025-08-06 | 7.8 High |
| The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems. | ||||
| CVE-2025-50464 | 1 Iptime | 2 Nas, Nas Firmware | 2025-08-06 | 6.5 Medium |
| A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication. | ||||
| CVE-2025-45620 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2025-08-06 | 8.1 High |
| An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request | ||||
| CVE-2025-45619 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2025-08-06 | 6.5 Medium |
| An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function | ||||
| CVE-2025-25692 | 1 Prestashop | 1 Prestashop | 2025-08-06 | 6.5 Medium |
| A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | ||||
| CVE-2025-51503 | 1 Microweber | 2 Cms, Microweber | 2025-08-06 | 7.6 High |
| A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers. | ||||
| CVE-2024-34327 | 1 Sielox | 1 Anyware | 2025-08-06 | 6.5 Medium |
| Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form. | ||||
| CVE-2025-24497 | 1 F5 | 2 Big-ip, Big-ip Policy Enforcement Manager | 2025-08-06 | 7.5 High |
| When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-52203 | 1 Devaslanphp | 1 Project Management | 2025-08-06 | 7.6 High |
| A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context. | ||||
| CVE-2025-8454 | 1 Debian | 1 Devscripts | 2025-08-06 | 9.8 Critical |
| It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | ||||
| CVE-2025-51954 | 1 Electronhub | 1 Ai Playground | 2025-08-06 | 6.1 Medium |
| playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2025-4674 | 1 Gotoolchain | 1 Cmd/go | 2025-08-06 | 8.6 High |
| The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected. | ||||
| CVE-2012-10033 | 1 Angstrom Distribution | 1 Narcissus | 2025-08-06 | N/A |
| Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context. | ||||
| CVE-2012-10029 | 1 Nagios | 3 Nagios, Nagios Xi, Xi | 2025-08-06 | N/A |
| Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution. | ||||
| CVE-2024-28883 | 1 F5 | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Big-ip Apm | 2025-08-06 | 7.4 High |
| An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2015-0849 | 1 Debian | 1 Pycode-browser | 2025-08-06 | 3.9 Low |
| pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. | ||||
| CVE-2015-0843 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | ||||
| CVE-2015-0842 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | ||||
| CVE-2025-20120 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-08-06 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||