Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23097 1 Samsung 2 Exynos 1380, Exynos 1380 Firmware 2025-06-06 9.1 Critical
An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.
CVE-2025-23100 1 Samsung 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more 2025-06-06 7.5 High
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.
CVE-2025-23098 1 Samsung 14 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 11 more 2025-06-06 7.8 High
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-5663 1 Phpgurukul 1 Auto\/taxi Stand Management System 2025-06-06 7.3 High
A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5660 1 Phpgurukul 1 Complaint Management System 2025-06-06 6.3 Medium
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5659 1 Phpgurukul 1 Complaint Management System 2025-06-06 6.3 Medium
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5652 1 Phpgurukul 1 Complaint Management System 2025-06-06 6.3 Medium
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-51955 1 Tenda 2 Ax1803, Ax1803 Firmware 2025-06-06 6.5 Medium
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
CVE-2023-48909 1 Aarboard 1 Jave2 2025-06-06 8.8 High
An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.
CVE-2022-41545 1 Netgear 2 C7800, C7800 Firmware 2025-06-06 6.4 Medium
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack.
CVE-2025-26158 1 Kashipara 1 Online Attendance Management System 2025-06-06 5.6 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter.
CVE-2025-26157 1 Darkseid 1 Beauty Parlour Management System 2025-06-06 5.9 Medium
A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter.
CVE-2024-57604 1 Mayswind 1 Ezbookkeeping 2025-06-06 9.8 Critical
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.
CVE-2024-57603 1 Mayswind 1 Ezbookkeeping 2025-06-06 6.3 Medium
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.
CVE-2025-5516 1 Totolink 2 X2000r, X2000r Firmware 2025-06-06 2.4 Low
A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5502 1 Totolink 2 X15, X15 Firmware 2025-06-06 6.3 Medium
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-0212 1 Cloudflare 1 Cloudflare 2025-06-06 8.1 High
The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.
CVE-2023-29048 1 Open-xchange 1 Ox App Suite 2025-06-06 8.8 High
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.
CVE-2025-5525 1 Jrohy 1 Trojan 2025-06-06 5.6 Medium
A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2023-49617 1 Machinesense 2 Feverwarn, Feverwarn Firmware 2025-06-06 10 Critical
The MachineSense application programmable interface (API) is improperly protected and can be accessed without authentication. A remote attacker could retrieve and modify sensitive information without any authentication.