Search Results (341061 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5580 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 7.3 High |
| A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-33526 | 1 Ilias | 1 Ilias | 2025-06-04 | 7.1 High |
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | ||||
| CVE-2024-33527 | 1 Ilias | 1 Ilias | 2025-06-04 | 5.4 Medium |
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | ||||
| CVE-2024-33528 | 1 Ilias | 1 Ilias | 2025-06-04 | 4.7 Medium |
| A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload. | ||||
| CVE-2024-33529 | 1 Ilias | 1 Ilias | 2025-06-04 | 7.2 High |
| ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types. | ||||
| CVE-2024-48905 | 1 Sematell | 1 Replyone | 2025-06-04 | 9.1 Critical |
| Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. | ||||
| CVE-2024-48906 | 1 Sematell | 1 Replyone | 2025-06-04 | 6.1 Medium |
| Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name. | ||||
| CVE-2024-48907 | 1 Sematell | 1 Replyone | 2025-06-04 | 7.5 High |
| Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. | ||||
| CVE-2025-45800 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-06-04 | 9.8 Critical |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. | ||||
| CVE-2025-44900 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-04 | 6.5 Medium |
| In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. | ||||
| CVE-2025-44899 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-04 | 9.8 Critical |
| There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11. In the fromSetWifiGusetBasic function of the web url /goform/WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. | ||||
| CVE-2024-36650 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-06-04 | 7.5 High |
| TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked. This can lead to a buffer overflow, allowing attackers to construct malicious HTTP or MQTT requests to cause a denial-of-service attack. | ||||
| CVE-2023-34302 | 1 Ashlar | 1 Cobalt | 2025-06-04 | 7.8 High |
| Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17865. | ||||
| CVE-2024-32674 | 2 Bestwebsoft, Heateor | 2 Social Login, Social Login | 2025-06-04 | 5.4 Medium |
| Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | ||||
| CVE-2024-27731 | 1 Friendica | 1 Friendica | 2025-06-04 | 6.1 Medium |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. | ||||
| CVE-2024-27730 | 1 Friendica | 1 Friendica | 2025-06-04 | 9.8 Critical |
| Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. | ||||
| CVE-2024-27728 | 1 Friendica | 1 Friendica | 2025-06-04 | 6.1 Medium |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. | ||||
| CVE-2024-46278 | 1 Sismics | 1 Teedy | 2025-06-04 | 8.4 High |
| Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. | ||||
| CVE-2023-32167 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-06-04 | 6.5 Medium |
| D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadMib function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create or delete files in the context of SYSTEM. Was ZDI-CAN-19529. | ||||
| CVE-2024-52711 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2025-06-04 | 5.7 Medium |
| DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow in the ip_position_asp function via the ip parameter. | ||||