Export limit exceeded: 364122 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364122 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364122 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53170 1 Huawei 1 Harmonyos 2025-07-15 4 Medium
Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-5228 2 D-link, Dlink 3 Di-8100, Di-8100, Di-8100 Firmware 2025-07-15 8.8 High
A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used.
CVE-2025-5492 1 Dlink 2 Di-500wf-wt, Di-500wf-wt Firmware 2025-07-15 6.3 Medium
A vulnerability has been found in D-Link DI-500WF-WT up to 20250511 and classified as critical. Affected by this vulnerability is the function sub_456DE8 of the file /msp_info.htm?flag=cmd of the component /usr/sbin/jhttpd. The manipulation of the argument cmd leads to command injection. The attack can be launched remotely.
CVE-2025-5571 2 D-link, Dlink 3 Dcs-932l, Dcs-932l, Dcs-932l Firmware 2025-07-15 6.3 Medium
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. Affected is the function setSystemAdmin of the file /setSystemAdmin. The manipulation of the argument AdminID leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-7612 2 Anisha, Code-projects 2 Mobile Shop, Mobile Shop 2025-07-15 7.3 High
A vulnerability was found in code-projects Mobile Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-45588 1 Fortinet 2 Forticlient, Forticlientmac 2025-07-15 7.8 High
An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.
CVE-2025-51650 1 Qianfox 1 Foxcms 2025-07-15 5.6 Medium
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
CVE-2025-51652 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.
CVE-2025-51653 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.
CVE-2025-2359 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2025-07-15 7.3 High
A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-51654 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.
CVE-2025-2360 2 D-link, Dlink 3 Dir-823g, Dir-823g, Dir-823g Firmware 2025-07-15 7.3 High
A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2019-17659 1 Fortinet 1 Fortisiem 2025-07-15 3.6 Low
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
CVE-2025-51655 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.
CVE-2025-51656 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.
CVE-2024-11169 1 Librechat 1 Librechat 2025-07-15 N/A
An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.
CVE-2024-11170 1 Librechat 1 Librechat 2025-07-15 N/A
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.
CVE-2025-51657 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.
CVE-2024-31141 2 Apache, Redhat 3 Kafka, Amq Streams, Apache Camel Spring Boot 2025-07-15 6.5 Medium
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds. For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property.
CVE-2025-51658 1 Sem-cms 1 Semcms 2025-07-15 5.4 Medium
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.