Search
Search Results (364922 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55585 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 6.5 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function. | ||||
| CVE-2025-55584 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-08-21 | 5.3 Medium |
| TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account. | ||||
| CVE-2024-26484 | 1 Getkirby | 1 Kirby | 2025-08-21 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled. | ||||
| CVE-2024-26482 | 1 Getkirby | 1 Kirby | 2025-08-21 | 7.1 High |
| An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. | ||||
| CVE-2025-9013 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-08-21 | 7.3 High |
| A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3834 | 1 Bugfinder | 1 Ex-rate | 2025-08-21 | 3.5 Low |
| A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3847 | 1 Moosocial | 1 Moodating | 2025-08-21 | 3.5 Low |
| A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | ||||
| CVE-2023-3858 | 1 Phpscriptpoint | 1 Car Listing | 2025-08-21 | 3.5 Low |
| A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-54411 | 1 Discourse | 1 Discourse | 2025-08-21 | N/A |
| Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate any users for the time being. This vulnerability is fixed in 3.5.0.beta8. | ||||
| CVE-2025-53191 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-53190 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-53189 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-53188 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-57832 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57831 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57830 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57829 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57828 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57827 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57826 | 2025-08-21 | N/A | ||
| Not used | ||||