Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4410 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2025-07-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45919 | 1 Solvait | 1 Solvait | 2025-07-03 | 6.5 Medium |
| A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. | ||||
| CVE-2024-25600 | 1 Bricksbuilder | 1 Bricks | 2025-07-03 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6. | ||||
| CVE-2024-46535 | 2 Jepass, Ketr | 2 Jepass, Jepaas | 2025-07-03 | 9.8 Critical |
| Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. | ||||
| CVE-2024-42901 | 1 Limesurvey | 1 Limesurvey | 2025-07-03 | 4.8 Medium |
| A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. | ||||
| CVE-2024-42902 | 1 Limesurvey | 1 Limesurvey | 2025-07-03 | 8.8 High |
| An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function. | ||||
| CVE-2024-41435 | 1 Yugabyte | 1 Yugabytedb | 2025-07-03 | 7.5 High |
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | ||||
| CVE-2024-41436 | 1 Clickhouse | 1 Clickhouse | 2025-07-03 | 7.5 High |
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | ||||
| CVE-2024-42885 | 1 Esafenet | 1 Cdg | 2025-07-03 | 9.1 Critical |
| SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. | ||||
| CVE-2024-42759 | 1 Ellevo | 1 Ellevo | 2025-07-03 | 6.3 Medium |
| An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. | ||||
| CVE-2024-44085 | 1 Onlyoffice | 2 Docs, Onlyoffice | 2025-07-03 | 6.1 Medium |
| ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | ||||
| CVE-2023-37229 | 1 Loftware | 1 Spectrum | 2025-07-03 | 8.8 High |
| Loftware Spectrum before 5.1 allows SSRF. | ||||
| CVE-2025-52711 | 1 Boldgrid | 1 Post And Page Builder By Boldgrid - Visual Drag And Drop Editor | 2025-07-03 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8. | ||||
| CVE-2025-39499 | | | 2025-07-03 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0. | ||||
| CVE-2024-34198 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-03 | 9.8 Critical |
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | ||||
| CVE-2025-47561 | | | 2025-07-03 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in PT Norther Lights Production MapSVG allows Privilege Escalation. This issue affects MapSVG: from n/a before 8.6.13. | ||||
| CVE-2025-47560 | | | 2025-07-03 | 5 Medium |
| Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MapSVG: from n/a before 8.6.13. | ||||
| CVE-2025-47558 | | | 2025-07-03 | 7.5 High |
| Missing Authorization vulnerability in PT Norther Lights Production MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a before 8.6.13. | ||||
| CVE-2024-57599 | 1 Douco | 1 Douphp | 2025-07-03 | 4.8 Medium |
| Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php. | ||||
| CVE-2024-55215 | 1 Jrohy | 1 Trojan | 2025-07-03 | 9.8 Critical |
| An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | ||||