Search Results (342475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-17496 | 1 Vbulletin | 1 Vbulletin | 2025-11-07 | 9.8 Critical |
| vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. | ||||
| CVE-2020-24363 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2025-11-07 | 8.8 High |
| TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | ||||
| CVE-2020-25078 | 1 Dlink | 18 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 15 more | 2025-11-07 | 7.5 High |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. | ||||
| CVE-2020-25079 | 1 Dlink | 18 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 15 more | 2025-11-07 | 8.8 High |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | ||||
| CVE-2020-25213 | 1 Filemanagerpro | 1 File Manager | 2025-11-07 | 10 Critical |
| The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. | ||||
| CVE-2020-25223 | 1 Sophos | 1 Unified Threat Management | 2025-11-07 | 9.8 Critical |
| A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. | ||||
| CVE-2025-5988 | 1 Redhat | 2 Ansible Automation Platform, Ansible Automation Platform Developer | 2025-11-07 | 5.3 Medium |
| A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda. | ||||
| CVE-2025-7784 | 1 Redhat | 5 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 2 more | 2025-11-07 | 6.5 Medium |
| A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm. | ||||
| CVE-2025-63450 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2025-11-07 | 5.4 Medium |
| Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting (XSS) in /carlux/booking.php. | ||||
| CVE-2025-63451 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2025-11-07 | 9.8 Critical |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/sign-in.php. | ||||
| CVE-2025-63452 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2025-11-07 | 9.4 Critical |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/forgot-pass.php. | ||||
| CVE-2025-63453 | 1 Car-booking-system-php Project | 1 Car-booking-system-php | 2025-11-07 | 9.8 Critical |
| Car-Booking-System-PHP v.1.0 is vulnerable to SQL Injection in /carlux/contact.php. | ||||
| CVE-2025-63447 | 1 Water Management System Project | 1 Water Management System | 2025-11-07 | 6.1 Medium |
| Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php. | ||||
| CVE-2025-63449 | 1 Water Management System Project | 1 Water Management System | 2025-11-07 | 5.4 Medium |
| Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php. | ||||
| CVE-2024-5971 | 1 Redhat | 12 Apache Camel Hawtio, Apache Camel Spring Boot, Build Keycloak and 9 more | 2025-11-07 | 7.5 High |
| A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side open to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios. | ||||
| CVE-2023-5685 | 1 Redhat | 12 Apache-camel-spring-boot, Apache Camel Hawtio, Build Keycloak and 9 more | 2025-11-07 | 7.5 High |
| A flaw was found in XNIO. The XNIO NotifierState can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large, which can lead to uncontrolled resource management and a possible denial of service (DoS). | ||||
| CVE-2025-12001 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 6.1 Medium |
| Lack of application manifest sanitation could lead to potential stored XSS. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||
| CVE-2025-12031 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 5.3 Medium |
| HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the JavaScript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||
| CVE-2025-60790 | 1 Processwire | 1 Processwire | 2025-11-07 | 6.5 Medium |
| ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service. | ||||
| CVE-2025-12104 | 2 Azure-access, Azure Access Technology | 6 Blu-ic2, Blu-ic2 Firmware, Blu-ic4 and 3 more | 2025-11-07 | 9.8 Critical |
| Outdated and Vulnerable UI Dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | ||||