Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37009 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 6.3 Medium |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | ||||
| CVE-2023-37010 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 6.3 Medium |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | ||||
| CVE-2023-37011 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 6.3 Medium |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | ||||
| CVE-2023-37012 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 5.3 Medium |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service. | ||||
| CVE-2023-37022 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 7.5 High |
| Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | ||||
| CVE-2023-37023 | 1 Open5gs | 1 Open5gs | 2025-04-22 | 8.6 High |
| Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | ||||
| CVE-2025-29189 | 1 Flowiseai | 1 Flowise | 2025-04-22 | 7.6 High |
| Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores. | ||||
| CVE-2025-29390 | 1 Jerryhanjj | 1 Erp | 2025-04-22 | 8.8 High |
| jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php. | ||||
| CVE-2025-29391 | 1 Horvey | 1 Library-manager | 2025-04-22 | 7.2 High |
| horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php. | ||||
| CVE-2024-40068 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.9 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. | ||||
| CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.4 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. | ||||
| CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.1 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-40072 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. | ||||
| CVE-2024-40073 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. | ||||
| CVE-2024-40074 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 4.8 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. | ||||
| CVE-2024-28276 | 1 Rems | 1 School Task Manager | 2025-04-22 | 6.1 Medium |
| Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. | ||||
| CVE-2024-34226 | 1 Oretnom23 | 1 Visitor Management System | 2025-04-22 | 9.4 Critical |
| SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. | ||||
| CVE-2025-22903 | 1 Totolink | 2 N600r, N600r Firmware | 2025-04-22 | 4.6 Medium |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. | ||||
| CVE-2025-22900 | 1 Totolink | 2 N600r, N600r Firmware | 2025-04-22 | 9.8 Critical |
| Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. | ||||