Search

Search Results (363984 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7067 1 Hdfgroup 1 Hdf5 2025-07-13 3.3 Low
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-50260 1 Tenda 2 Ac6, Ac6 Firmware 2025-07-13 7.5 High
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.
CVE-2025-50263 1 Tenda 2 Ac6, Ac6 Firmware 2025-07-13 8.1 High
Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.
CVE-2025-3467 1 Langgenius 1 Dify 2025-07-13 5.4 Medium
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerability is triggered, potentially exposing sensitive token information to the attacker.
CVE-2025-7136 1 Campcodes 1 Online Recruitment Management System 2025-07-13 7.3 High
A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7135 1 Campcodes 1 Online Recruitment Management System 2025-07-13 7.3 High
A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7150 1 Campcodes 1 Advanced Online Voting System 2025-07-13 6.3 Medium
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/voters_delete.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3466 1 Langgenius 1 Dify 2025-07-13 7.2 High
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3.
CVE-2025-7147 1 Codeastro 1 Patient Record Management System 2025-07-13 7.3 High
A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7149 1 Campcodes 1 Advanced Online Voting System 2025-07-13 6.3 Medium
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/candidates_delete.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7134 1 Campcodes 1 Online Recruitment Management System 2025-07-13 7.3 High
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_application. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-49538 1 Adobe 1 Coldfusion 2025-07-13 7.4 High
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation of this issue does not require user interaction, and attack must have access to shared secrets.
CVE-2025-6770 1 Ivanti 1 Endpoint Manager Mobile 2025-07-13 7.2 High
OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution
CVE-2025-7161 1 Phpgurukul 1 Zoo Management System 2025-07-13 6.3 Medium
A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7162 1 Phpgurukul 1 Zoo Management System 2025-07-13 6.3 Medium
A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/add-foreigners-ticket.php. The manipulation of the argument cprice leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6995 1 Ivanti 1 Endpoint Manager 2025-07-13 8.4 High
Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords.
CVE-2025-0293 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-13 6.6 Medium
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
CVE-2025-47135 3 Adobe, Apple, Microsoft 3 Dimension, Macos, Windows 2025-07-13 5.5 Medium
Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-7172 1 Code-projects 1 Crime Reporting System 2025-07-13 7.3 High
A vulnerability, which was classified as critical, was found in code-projects Crime Reporting System 1.0. This affects an unknown part of the file /headlogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-20682 2 Mediatek, Openwrt 10 Mt6890, Mt7615, Mt7622 and 7 more 2025-07-13 9.8 Critical
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445.