Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12058 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-07-16 | 6.8 Medium |
| External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files. | ||||
| CVE-2024-2872 | 2 Swift Framework, Swiftideas | 2 Socialdriver-framework, Swift Framework | 2025-07-16 | 4.8 Medium |
| The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2025-3538 | 2 D-link, Dlink | 3 Di-8100, Di-8100, Di-8100 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3693 | 1 Tenda | 2 W12, W12 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3785 | 1 Dlink | 2 Dwr-m961, Dwr-m961 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-32119 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | 4.6 Medium |
| An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. | ||||
| CVE-2023-48786 | 1 Fortinet | 1 Forticlientems | 2025-07-16 | 4.1 Medium |
| A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. | ||||
| CVE-2025-22859 | 1 Fortinet | 2 Forticlientems, Forticlientems Cloud | 2025-07-16 | 5 Medium |
| A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. | ||||
| CVE-2024-52968 | 1 Fortinet | 2 Forticlient, Forticlientmac | 2025-07-16 | 5.8 Medium |
| An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password. | ||||
| CVE-2024-40586 | 1 Fortinet | 2 Forticlient, Forticlientwindows | 2025-07-16 | 6.3 Medium |
| An Improper Access Control vulnerability [CWE-284] in FortiClient Windows version 7.4.0, version 7.2.6 and below, version 7.0.13 and below may allow a local user to escalate his privileges via FortiSSLVPNd service pipe. | ||||
| CVE-2025-2653 | 1 Qianfox | 1 Foxcms | 2025-07-16 | 4.3 Medium |
| A vulnerability was found in FoxCMS 1.25 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7409 | 2 Anisha, Code-projects | 2 Mobile Shop, Mobile Shop | 2025-07-16 | 7.3 High |
| A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of the file /LoginAsAdmin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7410 | 2 Anisha, Code-projects | 2 Lifestyle Store, Lifestyle Store | 2025-07-16 | 7.3 High |
| A vulnerability was found in code-projects LifeStyle Store 1.0. It has been classified as critical. Affected is an unknown function of the file /cart_remove.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7411 | 2 Anisha, Code-projects | 2 Lifestyle Store, Lifestyle Store | 2025-07-16 | 7.3 High |
| A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /success.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7412 | 1 Code-projects | 1 Library System | 2025-07-16 | 6.3 Medium |
| A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7413 | 1 Code-projects | 1 Library System | 2025-07-16 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7414 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-07-16 | 6.3 Medium |
| A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7415 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-07-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7416 | 1 Tenda | 3 O3, O3 Firmware, O3v2 | 2025-07-16 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation of the argument Time leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7454 | 1 Campcodes | 1 Online Movie Theater Seat Reservation System | 2025-07-16 | 7.3 High |
| A vulnerability classified as critical has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected is an unknown function of the file /admin/manage_theater.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||