Export limit exceeded: 336986 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336986 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23180 | 2025-05-02 | 8 High | ||
| CWE-250: Execution with Unnecessary Privileges | ||||
| CVE-2025-24348 | 2025-05-02 | 5.4 Medium | ||
| A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the wireless network configuration file via a crafted HTTP request. | ||||
| CVE-2025-24347 | 2025-05-02 | 6.5 Medium | ||
| A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request. | ||||
| CVE-2025-24344 | 2025-05-02 | 6.3 Medium | ||
| A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's browser via a crafted HTTP request. | ||||
| CVE-2025-23179 | 2025-05-02 | 5.5 Medium | ||
| CWE-798: Use of Hard-coded Credentials | ||||
| CVE-2025-23178 | 2025-05-02 | 7.6 High | ||
| CWE-923: Improper Restriction of Communication Channel to Intended Endpoints | ||||
| CVE-2025-27611 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-05-02 | 7.5 High |
| base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1. | ||||
| CVE-2025-46552 | 2025-05-02 | N/A | ||
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | ||||
| CVE-2025-4078 | 2025-05-02 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-47154 | 2025-05-02 | 9 Critical | ||
| LibJS in Ladybird before f5a6704 mishandles the freeing of the vector that arguments_list references, leading to a use-after-free, and allowing remote attackers to execute arbitrary code via a crafted .js file. NOTE: the GitHub README says "Ladybird is in a pre-alpha state, and only suitable for use by developers." | ||||
| CVE-2025-24350 | 2025-05-02 | 7.1 High | ||
| A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request. | ||||
| CVE-2025-24349 | 2025-05-02 | 7.1 High | ||
| A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (lowprivileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request. | ||||
| CVE-2025-24345 | 2025-05-02 | 6.3 Medium | ||
| A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request. | ||||
| CVE-2025-24343 | 2025-05-02 | 5.4 Medium | ||
| A vulnerability in the “Manages app data” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary files in arbitrary file system paths via a crafted HTTP request. | ||||
| CVE-2025-24342 | 2025-05-02 | 5.3 Medium | ||
| A vulnerability in the login functionality of the web application of ctrlX OS allows a remote unauthenticated attacker to guess valid usernames via multiple crafted HTTP requests. | ||||
| CVE-2025-24341 | 2025-05-02 | 6.5 Medium | ||
| A vulnerability in the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to induce a Denial-of-Service (DoS) condition on the device via multiple crafted HTTP requests. In the worst case, a full power cycle is needed to regain control of the device. | ||||
| CVE-2025-24340 | 2025-05-02 | 6.5 Medium | ||
| A vulnerability in the users configuration file of ctrlX OS may allow a remote authenticated (low-privileged) attacker to recover the plaintext passwords of other users. | ||||
| CVE-2024-9877 | 2025-05-02 | 4.3 Medium | ||
| : Use of GET Request Method With Sensitive Query Strings vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. | ||||
| CVE-2024-9876 | 2025-05-02 | 7.3 High | ||
| : Modification of Assumed-Immutable Data (MAID) vulnerability in ABB ANC, ABB ANC-L, ABB ANC-mini.This issue affects ANC: through 1.1.4; ANC-L: through 1.1.4; ANC-mini: through 1.1.4. | ||||
| CVE-2025-2890 | 2025-05-02 | 6.5 Medium | ||
| The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||