Search

Search Results (363500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39925 2 Dani-garcia, Vaultwarden 2 Vaultwarden, Vaultwarden 2025-07-10 6.5 Medium
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. Consequently, an authenticated user could gain unauthorized access to encrypted data of any organization, even if the user is not a member of the targeted organization. However, the user would need to know the corresponding organizationId. Hence, if a user (whose access to an organization has been revoked) already possesses the organization key, that user could use the key to decrypt the leaked data.
CVE-2024-39926 2 Dani-garcia, Vaultwarden 2 Vaultwarden, Vaultwarden 2025-07-10 5.4 Medium
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the application blocks most exploitation paths, significantly mitigating the potential impact.
CVE-2024-42404 2 Collne, Welcart 2 Welcart, Welcart E-commerce 2025-07-10 8.8 High
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
CVE-2024-45366 1 Welcart 1 Welcart E-commerce 2025-07-10 6.1 Medium
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVE-2023-49203 1 Technitium 2 Dns Server, Dnsserver 2025-07-10 7.5 High
Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.
CVE-2025-21008 1 Samsung 1 Android 2025-07-10 5.5 Medium
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
CVE-2025-21009 1 Samsung 1 Android 2025-07-10 5.5 Medium
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
CVE-2024-39134 2 Gdraheim, Zziplib 2 Zziplib, Zziplib 2025-07-10 7.5 High
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
CVE-2024-27905 2 Apache, Apache Software Foundation 2 Aurora, Apache Aurora 2025-07-10 9.1 Critical
** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-48916 1 Joshfabean 1 Bookable Calendar 2025-07-10 6.5 Medium
Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.
CVE-2025-45988 1 B-link 18 Bl-ac1900, Bl-ac1900 Firmware, Bl-ac2100 Az3 and 15 more 2025-07-10 9.8 Critical
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function.
CVE-2025-45987 1 B-link 14 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 11 more 2025-07-10 9.8 Critical
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function.
CVE-2025-45985 1 B-link 16 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 13 more 2025-07-10 9.8 Critical
Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function.
CVE-2025-45984 1 B-link 18 Bl-ac1900, Bl-ac1900 Firmware, Bl-ac2100 Az3 and 15 more 2025-07-10 9.8 Critical
Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via the routepwd parameter in the sub_45B238 function.
CVE-2024-6344 1 Zkteco 1 Zkbiosecurity V5000 2025-07-10 2.4 Low
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The vendor explains, that "[s]ince ZKBio CVSecurity v5000 has been withdrawn from the market, we recommend upgrading to ZKBio CVSecurity V6600 6.1.3_R or above". This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-53753 2025-07-10 N/A
Not used
CVE-2025-53752 2025-07-10 N/A
Not used
CVE-2025-53751 2025-07-10 N/A
Not used
CVE-2025-53750 2025-07-10 N/A
Not used
CVE-2025-53749 2025-07-10 N/A
Not used