Search

Search Results (364439 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47027 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-23 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46035 1 Tenda 2 Ac6, Ac6 Firmware 2025-06-23 7.5 High
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
CVE-2025-47114 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-23 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47082 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-23 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47037 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-23 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-38030 1 Linux 1 Linux Kernel 2025-06-23 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-25678 1 Litespeedtech 1 Lsquic 2025-06-20 5.9 Medium
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
CVE-2024-25312 1 Code-projects 1 Simple School Management System 2025-06-20 8.8 High
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."
CVE-2024-25310 1 Code-projects 1 Simple School Management System 2025-06-20 8.8 High
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."
CVE-2024-25307 1 Code-projects 1 Cinema Seat Reservation System 2025-06-20 9.8 Critical
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."
CVE-2024-25200 1 Espruino 1 Espruino 2025-06-20 7.5 High
Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.
CVE-2024-24321 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-06-20 9.8 Critical
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
CVE-2024-24215 1 Cellinx 1 Nvt Web Server 2025-06-20 5.3 Medium
An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.
CVE-2024-24189 1 Jsish 1 Jsish 2025-06-20 9.8 Critical
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
CVE-2024-24015 1 Xxyopen 1 Novel-plus 2025-06-20 9.8 Critical
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit
CVE-2024-22853 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2025-06-20 9.8 Critical
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
CVE-2024-22836 1 Akaunting 1 Akaunting 2025-06-20 9.8 Critical
An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.
CVE-2024-22715 1 Codelyfe 1 Stupid Simple Cms 2025-06-20 8.8 High
Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.
CVE-2023-47889 1 Binhdrm26 1 Super Reboot 2025-06-20 7.8 High
The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.
CVE-2023-46350 1 Innovadeluxe 1 Manufacturer Or Supplier Alphabetical Search 2025-06-20 9.8 Critical
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.