Export limit exceeded: 366369 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366369 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7103 2 Boyun, Boyuncms Project 2 Boyuncms, Boyuncms 2025-09-15 6.3 Medium
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-22188 1 Typo3 1 Typo3 2025-09-15 7.2 High
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
CVE-2024-27355 2 Debian, Phpseclib 2 Debian Linux, Phpseclib 2025-09-15 7.5 High
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).
CVE-2025-25223 1 Luxsoft 1 Luxcal Web Calendar 2025-09-15 5.3 Medium
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a path traversal vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
CVE-2024-24323 1 Linlinjava 1 Litemall 2025-09-15 7.2 High
SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.
CVE-2025-25224 1 Luxsoft 1 Luxcal Web Calendar 2025-09-15 7.5 High
The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains a missing authentication vulnerability in dloader.php. If this vulnerability is exploited, arbitrary files on a server may be obtained.
CVE-2024-32474 2 Getsentry, Sentry 2 Sentry, Sentry 2025-09-15 7.3 High
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the _event_: `auth-index.validate_superuser`. An attacker with access to the log data could use these leaked credentials to login to the Sentry system as superuser. Self-hosted users on affected versions should upgrade to 24.4.1 or later. Users can configure the logging level to exclude logs of the `INFO` level and only generate logs for levels at `WARNING` or more.
CVE-2024-22905 1 Arm 2 Mbed-os, Mbed Os 2025-09-15 7 High
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.
CVE-2024-22807 1 Tormach 2 Pathpilot Controller, Xstech Cnc Router 2025-09-15 6.5 Medium
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption.
CVE-2024-22808 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 7.5 High
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory.
CVE-2024-22809 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 6.5 Medium
Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information.
CVE-2024-22811 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 8.2 High
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory.
CVE-2024-22813 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 4.4 Medium
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller.
CVE-2024-22815 1 Tormach 3 Pathpilot Controller, Pilotpath Controller, Xstech Cnc Router 2025-09-15 5.3 Medium
An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands.
CVE-2024-29376 1 Sylius 1 Sylius 2025-09-15 6.4 Medium
Sylius 1.12.13 is vulnerable to Cross Site Scripting (XSS) via the "Province" field in Address Book.
CVE-2025-52485 1 Dnnsoftware 1 Dotnetnuke 2025-09-15 5.4 Medium
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
CVE-2025-52486 1 Dnnsoftware 2 Dnn Platform, Dotnetnuke 2025-09-15 6.1 Medium
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
CVE-2024-7344 7 Cs-grp, Greenware, Howyar and 4 more 7 Neo Impact, Greenguard, Sysreturn and 4 more 2025-09-15 8.2 High
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.
CVE-2024-50698 1 Sungrowpower 2 Winet-s, Winet-s Firmware 2025-09-15 9.8 Critical
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
CVE-2025-52487 1 Dnnsoftware 1 Dotnetnuke 2025-09-15 7.5 High
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.