Export limit exceeded: 363674 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47951 1 Weblate 1 Weblate 2025-07-16 4.9 Medium
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in version 5.12.
CVE-2025-7602 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2025-07-16 7.2 High
A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arp_sys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7603 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2025-07-16 7.2 High
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. Affected is an unknown function of the file /jingx.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7604 1 Phpgurukul 1 Hospital Management System 2025-07-16 7.3 High
A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user-login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7605 2 Anisha, Code-projects 2 Avl Rooms, Avl Rooms 2025-07-16 7.3 High
A vulnerability was found in code-projects AVL Rooms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument first_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7613 1 Totolink 2 T6, T6 Firmware 2025-07-16 6.3 Medium
A vulnerability was found in TOTOLINK T6 4.1.5cu.748. It has been rated as critical. This issue affects the function CloudSrvVersionCheck of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7614 1 Totolink 2 T6, T6 Firmware 2025-07-16 6.3 Medium
A vulnerability classified as critical has been found in TOTOLINK T6 4.1.5cu.748. Affected is the function delDevice of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ipAddr leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7615 1 Totolink 2 T6, T6 Firmware 2025-07-16 6.3 Medium
A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. Affected by this vulnerability is the function clearPairCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1392 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-07-16 3.5 Low
A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-25282 1 Infiniflow 1 Ragflow 2025-07-16 N/A
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET /<tenant_id>/user/list), add user account to other tenant (POST /<tenant_id>/user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix.
CVE-2025-34075 1 Hashicorp 1 Vagrant 2025-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution. Rejected as CVE due to documented, intended behavior that does not violate a claimed security boundary.  https://developer.hashicorp.com/vagrant/docs/synced-folders
CVE-2025-1819 1 Tenda 2 Ac7, Ac7 Firmware 2025-07-16 6.3 Medium
A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Affected is the function TendaTelnet of the file /goform/telnet. The manipulation of the argument lan_ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7357 2 D-link, Dlink 3 Dir-600, Dir-600, Dir-600 Firmware 2025-07-16 6.3 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
CVE-2024-46946 1 Langchain 2 Langchain-experimental, Langchain Experimental 2025-07-16 9.8 Critical
langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05).
CVE-2024-23106 1 Fortinet 1 Forticlientems 2025-07-16 7.7 High
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests.
CVE-2024-46667 1 Fortinet 1 Fortisiem 2025-07-16 6.9 Medium
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.
CVE-2017-18524 1 Antoineh 1 Football Pool 2025-07-16 N/A
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
CVE-2024-47572 1 Fortinet 1 Fortisoar 2025-07-16 8.3 High
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file
CVE-2018-8327 1 Microsoft 2 Powershell, Powershell Editor Services 2025-07-16 9.8 Critical
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension.
CVE-2021-26700 1 Microsoft 2 Npm, Visual Studio Code Npm-script Extension 2025-07-16 7.8 High
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability