Search

Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7154 1 Totolink 2 N200re, N200re Firmware 2025-07-16 6.3 Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK N200RE 9.3.5u.6095_B20200916/9.3.5u.6139_B20201216. Affected by this issue is the function sub_41A0F8 of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-21002 2 Samsung, Samsung Mobile 2 Android, Samsung Mobile Devices 2025-07-16 6.2 Medium
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.
CVE-2025-21003 2 Samsung, Samsung Mobile 2 Android, Samsung Mobile Devices 2025-07-16 4 Medium
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
CVE-2025-20971 1 Samsung 1 Flow 2025-07-16 5.5 Medium
Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.
CVE-2025-20977 2 Samsung, Samsung Mobile 2 Notes, Samsung Notes 2025-07-16 3.3 Low
Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
CVE-2025-5969 1 Dlink 2 Dir-632, Dir-632 Firmware 2025-07-16 8.8 High
A vulnerability has been found in D-Link DIR-632 FW103B08 and classified as critical. Affected by this vulnerability is the function FUN_00425fd8 of the file /biurl_grou of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-42648 1 Emqx 1 Nanomq 2025-07-16 6.5 Medium
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVE-2024-42646 1 Emqx 1 Nanomq 2025-07-16 7.5 High
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
CVE-2025-24286 1 Veeam 1 Veeam Backup \& Replication 2025-07-16 7.2 High
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
CVE-2025-22460 1 Ivanti 1 Cloud Services Appliance 2025-07-16 7.8 High
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
CVE-2025-22462 1 Ivanti 1 Neurons For Itsm 2025-07-16 9.8 Critical
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system.
CVE-2025-29627 1 Keepersecurity 1 Keeperchat 2025-07-16 6.8 Medium
An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module
CVE-2024-42649 1 Emqx 1 Nanomq 2025-07-16 6.5 Medium
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVE-2025-20930 1 Samsung 1 Notes 2025-07-16 5.5 Medium
Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.
CVE-2025-20932 2 Samsung, Samsung Mobile 2 Notes, Samsung Notes 2025-07-16 5.5 Medium
Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory.
CVE-2025-20933 1 Samsung 1 Notes 2025-07-16 5.5 Medium
Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.
CVE-2025-27867 1 Apache 1 Felix Http Webconsole Plugin 2025-07-16 5.6 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
CVE-2024-10296 1 Phpgurukul 1 Medical Card Generation System 2025-07-16 4.7 Medium
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-28168 1 Apache 2 Formatting Objects Processor, Xml Graphics Fop 2025-07-16 7.5 High
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.
CVE-2025-20916 1 Samsung 1 Notes 2025-07-16 5.5 Medium
Out-of-bounds read in reading string of SPen in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.