Search

Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-48447 1 Lightgallery Project 1 Lightgallery 2025-06-20 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.
CVE-2025-6130 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-20 8.8 High
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6138 1 Totolink 2 T10, T10 Firmware 2025-06-20 8.8 High
A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-47015 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46990 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47007 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47033 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-5739 1 Totolink 2 X15, X15 Firmware 2025-06-20 8.8 High
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0313 1 Ollama 1 Ollama 2025-06-20 N/A
** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-23088 1 Nodejs 1 Node.js 2025-06-20 8.8 High
This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities
CVE-2025-6110 1 Tenda 2 Fh1201, Fh1201 Firmware 2025-06-20 8.8 High
A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6115 2 D-link, Dlink 3 Dir-619l, Dir-619l, Dir-619l Firmware 2025-06-20 8.8 High
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-6114 2 D-link, Dlink 3 Dir-619l, Dir-619l, Dir-619l Firmware 2025-06-20 8.8 High
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-6113 1 Tenda 2 Fh1203, Fh1203 Firmware 2025-06-20 8.8 High
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6111 1 Tenda 2 Fh1205, Fh1205 Firmware 2025-06-20 8.8 High
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7804 1 Pytorch 1 Pytorch 2025-06-20 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-7773 1 Ollama 1 Ollama 2025-06-20 N/A
** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45436. Notes: All CVE users should reference CVE-2024-45436 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-26468 1 Cyberdata 1 011209 Sip Emergency Intercom 2025-06-20 7.5 High
CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.
CVE-2025-48448 1 Admin Audit Trail Project 1 Admin Audit Trail 2025-06-20 6.5 Medium
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
CVE-2025-6005 1 Kicode111 1 Like-girl 2025-06-20 4.7 Medium
A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.