Export limit exceeded: 363853 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363853 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-7419 1 Tenda 3 O3, O3 Firmware, O3v2 2025-07-16 8.8 High
A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7420 1 Tenda 3 O3, O3 Firmware, O3v2 2025-07-16 8.8 High
A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7408 2 Pushpam02, Sourcecodester 2 Zoo Management System, Zoo Management System 2025-07-16 3.5 Low
A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6674 1 Gabderrahim 1 Ckeditor5 Youtube 2025-07-16 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3.
CVE-2025-20924 1 Samsung 1 Notes 2025-07-16 4.6 Medium
Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles.
CVE-2025-20925 1 Samsung 1 Notes 2025-07-16 5.5 Medium
Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory.
CVE-2025-20927 1 Samsung 1 Notes 2025-07-16 5.5 Medium
Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.
CVE-2025-20928 2 Samsung, Samsung Mobile 2 Notes, Samsung Notes 2025-07-16 5.5 Medium
Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory.
CVE-2024-38459 1 Langchain 2 Langchain-experimental, Langchain Experimental 2025-07-16 7.8 High
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
CVE-2025-34085 2025-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36847.
CVE-2025-34084 2025-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36848.
CVE-2025-34083 2025-07-16 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36849.
CVE-2024-12058 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-16 6.8 Medium
External control of a file name in Ivanti Connect Secure before version 22.7R2.6 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to read arbitrary files.
CVE-2024-2872 2 Swift Framework, Swiftideas 2 Socialdriver-framework, Swift Framework 2025-07-16 4.8 Medium
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2025-3538 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2025-07-16 8.8 High
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.
CVE-2025-3693 1 Tenda 2 W12, W12 Firmware 2025-07-16 8.8 High
A vulnerability was found in Tenda W12 3.0.0.5. It has been rated as critical. Affected by this issue is the function cgiWifiRadioSet of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3785 1 Dlink 2 Dwr-m961, Dwr-m961 Firmware 2025-07-16 8.8 High
A vulnerability has been found in D-Link DWR-M961 1.1.36 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formStaticDHCP of the component Authorization Interface. The manipulation of the argument Hostname leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.49 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2024-32119 1 Fortinet 1 Forticlientems 2025-07-16 4.6 Medium
An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests.
CVE-2023-48786 1 Fortinet 1 Forticlientems 2025-07-16 4.1 Medium
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests.
CVE-2025-22859 1 Fortinet 2 Forticlientems, Forticlientems Cloud 2025-07-16 5 Medium
A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests.