Search

Search Results (364863 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-6335 1 Facebook 1 Hhvm 2025-05-06 7.5 High
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
CVE-2018-6332 1 Facebook 1 Hhvm 2025-05-06 5.9 Medium
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
CVE-2018-19918 1 Cuppacms 1 Cuppacms 2025-05-06 5.4 Medium
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19906 1 Razorcms 1 Razorcms 2025-05-06 5.4 Medium
Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter.
CVE-2018-19905 1 Razorcms 1 Razorcms 2025-05-06 5.4 Medium
HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter.
CVE-2018-18601 1 Guardzilla 2 Gz621w, Gz621w Firmware 2025-05-06 8.1 High
The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow.
CVE-2018-18600 1 Guardzilla 4 180 Indoor, 180 Indoor Firmware, 180 Outdoor and 1 more 2025-05-06 8.1 High
The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter.
CVE-2024-23530 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-23529 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-12683 1 Brijeshk89 1 Smart Maintenance Mode 2025-05-06 3.5 Low
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-2855 1 Eladmin 1 Eladmin 2025-05-06 4.7 Medium
A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is the function checkFile of the file /api/deploy/upload. The manipulation of the argument servers leads to deserialization. The attack may be launched remotely.
CVE-2024-23528 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2022-41787 1 F5 2 Big-ip Domain Name System, Big-ip Local Traffic Manager 2025-05-06 7.5 High
In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.
CVE-2023-6929 1 Eurotel 2 Etl3100, Etl3100 Firmware 2025-05-06 7.5 High
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.
CVE-2025-28220 1 Tenda 2 W6-s, W6-s Firmware 2025-05-06 7.5 High
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
CVE-2022-34311 1 Ibm 1 Cics Tx 2025-05-06 4.3 Medium
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.
CVE-2021-4437 1 Dbartholomae 1 Lambda-middleware 2025-05-06 3.5 Low
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.
CVE-2023-51458 1 Adobe 1 Experience Manager 2025-05-06 5.4 Medium
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-1557 1 Mozilla 1 Firefox 2025-05-06 8.1 High
Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.
CVE-2022-24669 1 Forgerock 1 Access Management 2025-05-06 6.5 Medium
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services.