Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25830 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | 9.8 Critical |
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | ||||
| CVE-2024-27719 | 1 Rems | 1 Faq Management System | 2025-06-10 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function. | ||||
| CVE-2023-51761 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | 8.3 High |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | ||||
| CVE-2023-43609 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | 6.9 Medium |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | ||||
| CVE-2024-48231 | 1 Funadmin | 1 Funadmin | 2025-06-10 | 7.2 High |
| Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php. | ||||
| CVE-2024-48424 | 1 Assimp | 1 Assimp | 2025-06-10 | 5.5 Medium |
| A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. | ||||
| CVE-2024-48425 | 1 Assimp | 1 Assimp | 2025-06-10 | 5.5 Medium |
| A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference. | ||||
| CVE-2024-48228 | 1 Funadmin | 1 Funadmin | 2025-06-10 | 6.1 Medium |
| An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS). | ||||
| CVE-2024-48178 | 1 Newbee-mall Project | 1 Newbee-mall | 2025-06-10 | 8.1 High |
| newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. | ||||
| CVE-2024-33809 | 1 Pingcap | 1 Tidb | 2025-06-10 | 6.5 Medium |
| PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks. | ||||
| CVE-2024-35110 | 1 Yzmcms | 1 Yzmcms | 2025-06-10 | 5.5 Medium |
| A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker. | ||||
| CVE-2024-31613 | 1 Bosscms | 1 Bosscms | 2025-06-10 | 5.4 Medium |
| BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code". | ||||
| CVE-2024-37840 | 1 Itsourcecode | 2 Learning Management System, Learning Management System Project In Php | 2025-06-10 | 8.8 High |
| SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. | ||||
| CVE-2024-33300 | 1 Typora | 1 Typora | 2025-06-10 | 7.3 High |
| Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | ||||
| CVE-2024-34401 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2025-06-10 | 6.1 Medium |
| Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | ||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2025-06-10 | 4.3 Medium |
| Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21. | ||||
| CVE-2024-33789 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | 9.8 Critical |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | ||||
| CVE-2024-27453 | 1 Extremenetworks | 1 Extremexos | 2025-06-10 | 8.6 High |
| In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). | ||||
| CVE-2024-34462 | 1 Alinto | 1 Sogo | 2025-06-10 | 6.1 Medium |
| Alinto SOGo through 5.10.0 allows XSS during attachment preview. | ||||
| CVE-2024-31580 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-06-10 | 4 Medium |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||