Search

Search Results (364922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-55585 1 Totolink 2 A3002r, A3002r Firmware 2025-08-21 6.5 Medium
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
CVE-2025-55584 1 Totolink 2 A3002r, A3002r Firmware 2025-08-21 5.3 Medium
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
CVE-2024-26484 1 Getkirby 1 Kirby 2025-08-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.
CVE-2024-26482 1 Getkirby 1 Kirby 2025-08-21 7.1 High
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.
CVE-2025-9013 1 Phpgurukul 1 Online Shopping Portal Project 2025-08-21 7.3 High
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-3834 1 Bugfinder 1 Ex-rate 2025-08-21 3.5 Low
A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-3847 1 Moosocial 1 Moodating 2025-08-21 3.5 Low
A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
CVE-2023-3858 1 Phpscriptpoint 1 Car Listing 2025-08-21 3.5 Low
A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-54411 1 Discourse 1 Discourse 2025-08-21 N/A
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate any users for the time being. This vulnerability is fixed in 3.5.0.beta8.
CVE-2025-53191 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2025-08-21 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-53190 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2025-08-21 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-53189 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2025-08-21 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-53188 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2025-08-21 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-57832 2025-08-21 N/A
Not used
CVE-2025-57831 2025-08-21 N/A
Not used
CVE-2025-57830 2025-08-21 N/A
Not used
CVE-2025-57829 2025-08-21 N/A
Not used
CVE-2025-57828 2025-08-21 N/A
Not used
CVE-2025-57827 2025-08-21 N/A
Not used
CVE-2025-57826 2025-08-21 N/A
Not used