Export limit exceeded: 340572 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340572 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50614 | 1 Cdebyte | 2 E880-ir01, E880-ir01 Firmware | 2025-06-02 | 7.5 High |
| An issue discovereed in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. | ||||
| CVE-2023-50028 | 1 Prestashopmodules | 1 Sliding Cart Block | 2025-06-02 | 9.8 Critical |
| In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | ||||
| CVE-2023-49943 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-06-02 | 5.4 Medium |
| Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | ||||
| CVE-2023-48858 | 1 Abocms | 1 Abo.cms | 2025-06-02 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part. | ||||
| CVE-2023-48345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-06-02 | 5.5 Medium |
| In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | ||||
| CVE-2023-46952 | 1 Abocms | 1 Abo.cms | 2025-06-02 | 6.1 Medium |
| Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header. | ||||
| CVE-2023-2252 | 1 Wpwax | 1 Directorist | 2025-06-02 | 2.7 Low |
| The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | ||||
| CVE-2023-27168 | 1 Xpand-it | 1 Write-back Manager | 2025-06-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | ||||
| CVE-2023-0769 | 1 Hiweb | 1 Migration Simple | 2025-06-02 | 6.1 Medium |
| The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | ||||
| CVE-2023-0376 | 1 Themeum | 1 Qubely | 2025-06-02 | 5.4 Medium |
| The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-49107 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2025-06-02 | 5.3 Medium |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04. | ||||
| CVE-2011-10005 | 1 Easyftp Server Project | 1 Easyftp Server | 2025-06-02 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716. | ||||
| CVE-2024-0554 | 1 Xantech | 2 Wic1200, Wic1200 Firmware | 2025-06-02 | 5.5 Medium |
| A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user. | ||||
| CVE-2024-0569 | 1 Totolink | 2 T8, T8 Firmware | 2025-06-02 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability. | ||||
| CVE-2024-0581 | 1 Sandsprite | 1 Scdbg | 2025-06-02 | 4 Medium |
| An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan. | ||||
| CVE-2024-0574 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-06-02 | 8.8 High |
| A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0577 | 1 Totolink | 2 Lr1200gb, Lr1200gb Firmware | 2025-06-02 | 8.8 High |
| A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250793 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7234 | 1 Integrationobjects | 1 Opc Ua Server Toolkit | 2025-06-02 | 5.3 Medium |
| OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | ||||
| CVE-2023-6335 | 2 Hypr, Microsoft | 2 Workforce Access, Windows | 2025-06-02 | 6.4 Medium |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | ||||
| CVE-2023-6336 | 2 Apple, Hypr | 2 Macos, Workforce Access | 2025-06-02 | 7.2 High |
| Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7. | ||||