Search Results (364348 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-23435 1 Honor 1 Magicos 2026-01-27 4 Medium
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file
CVE-2023-23428 1 Honor 1 Magicos 2026-01-27 3.3 Low
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVE-2025-56097 1 Ruijie 4 Rg-ew1800gx Pro, Rg-ew1800gx Pro Firmware, Rg-ew300n and 1 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.
CVE-2023-23436 1 Honor 1 Magicos 2026-01-27 7.3 High
Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file
CVE-2023-23429 1 Honor 1 Magicos 2026-01-27 4 Medium
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVE-2023-23427 1 Honor 1 Magicos 2026-01-27 4 Medium
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.
CVE-2025-56102 1 Ruijie 4 Rg-ew1800gx, Rg-ew1800gx Firmware, Rg-ew300r and 1 more 2026-01-27 8.8 High
OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.
CVE-2024-25218 1 Code-projects 1 Task Manager 2026-01-27 4.6 Medium
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php.
CVE-2024-25220 1 Code-projects 1 Task Manager 2026-01-27 9.8 Critical
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
CVE-2024-25222 2 Code-projects, Task Manager In Php With Source Code Project 2 Task Manager, Task Manager In Php With Source Code 2026-01-27 9.8 Critical
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
CVE-2024-25219 2 Code-projects, Task Manager App 2 Task Manager, Task Manager App 2026-01-27 6.1 Medium
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php.
CVE-2024-25221 1 Code-projects 1 Task Manager 2026-01-27 6.1 Medium
A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.
CVE-2023-31594 1 Icrealtime 2 Icip-p2012t, Icip-p2012t Firmware 2026-01-27 7.5 High
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network.
CVE-2023-31595 1 Icrealtime 2 Icip-p2012t, Icip-p2012t Firmware 2026-01-27 7.5 High
IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.
CVE-2025-58581 1 Sick 1 Enterprise Analytics 2026-01-27 4.3 Medium
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application.
CVE-2025-58582 1 Sick 1 Enterprise Analytics 2026-01-27 5.3 Medium
If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged.
CVE-2025-58583 1 Sick 1 Enterprise Analytics 2026-01-27 5.3 Medium
The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
CVE-2025-58584 1 Sick 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more 2026-01-27 5.3 Medium
In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
CVE-2025-9273 1 Cdata 1 Api Server 2026-01-27 N/A
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950.
CVE-2023-29639 1 Zhenfeng13 1 My Blog 2026-01-27 5.4 Medium
Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString.