Search

Search Results (366186 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47947 2 Redhat, Trustwave 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2025-06-20 7.5 High
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
CVE-2024-46919 1 Samsung 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more 2025-06-20 5.3 Medium
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.
CVE-2024-48883 1 Samsung 38 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 35 more 2025-06-20 4.3 Medium
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in an information leak of the UE.
CVE-2024-46920 1 Samsung 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more 2025-06-20 6.5 Medium
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.
CVE-2024-46921 1 Samsung 34 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 31 more 2025-06-20 6.5 Medium
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack).
CVE-2024-13618 1 Osteopathic 1 Downloadable By American Osteopathic Association 2025-06-20 7.2 High
The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
CVE-2024-13617 1 Osteopathic 1 Downloadable By American Osteopathic Association 2025-06-20 8.6 High
The aoa-downloadable WordPress plugin through 0.1.0 doesn't validate a parameter in its download function, allowing unauthenticated attackers to download arbitrary files from the server
CVE-2025-5886 1 Emlog 1 Emlog 2025-06-20 3.5 Low
A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-48013 1 Quick Node Block Project 1 Quick Node Block 2025-06-20 5.3 Medium
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
CVE-2025-48444 1 Quick Node Block Project 1 Quick Node Block 2025-06-20 5.3 Medium
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
CVE-2025-48447 1 Lightgallery Project 1 Lightgallery 2025-06-20 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.
CVE-2025-6130 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-20 8.8 High
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6138 1 Totolink 2 T10, T10 Firmware 2025-06-20 8.8 High
A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-47015 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46990 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47007 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-47033 1 Adobe 2 Adobe Experience Manager, Experience Manager 2025-06-20 5.4 Medium
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-5739 1 Totolink 2 X15, X15 Firmware 2025-06-20 8.8 High
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0313 1 Ollama 1 Ollama 2025-06-20 N/A
** REJECT ** DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-12055. Notes: All CVE users should reference CVE-2024-12055 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2025-23088 1 Nodejs 1 Node.js 2025-06-20 8.8 High
This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities