Export limit exceeded: 363284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45366 | 1 Welcart | 1 Welcart E-commerce | 2025-07-10 | 6.1 Medium |
| Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | ||||
| CVE-2023-49203 | 1 Technitium | 2 Dns Server, Dnsserver | 2025-07-10 | 7.5 High |
| Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic. | ||||
| CVE-2025-21008 | 1 Samsung | 1 Android | 2025-07-10 | 5.5 Medium |
| Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | ||||
| CVE-2025-21009 | 1 Samsung | 1 Android | 2025-07-10 | 5.5 Medium |
| Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | ||||
| CVE-2024-39134 | 2 Gdraheim, Zziplib | 2 Zziplib, Zziplib | 2025-07-10 | 7.5 High |
| A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. | ||||
| CVE-2024-27905 | 2 Apache, Apache Software Foundation | 2 Aurora, Apache Aurora | 2025-07-10 | 9.1 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-48916 | 1 Joshfabean | 1 Bookable Calendar | 2025-07-10 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. | ||||
| CVE-2025-45988 | 1 B-link | 18 Bl-ac1900, Bl-ac1900 Firmware, Bl-ac2100 Az3 and 15 more | 2025-07-10 | 9.8 Critical |
| Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the cmd parameter in the bs_SetCmd function. | ||||
| CVE-2025-45987 | 1 B-link | 14 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 11 more | 2025-07-10 | 9.8 Critical |
| Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection vulnerabilities via the dns1 and dns2 parameters in the bs_SetDNSInfo function. | ||||
| CVE-2025-45985 | 1 B-link | 16 Bl-ac2100 Az3, Bl-ac2100 Az3 Firmware, Bl-f1200 At1 and 13 more | 2025-07-10 | 9.8 Critical |
| Blink routers BL-WR9000 V2.4.9 , BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5 , BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the bs_SetSSIDHide function. | ||||
| CVE-2025-45984 | 1 B-link | 18 Bl-ac1900, Bl-ac1900 Firmware, Bl-ac2100 Az3 and 15 more | 2025-07-10 | 9.8 Critical |
| Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection vulnerability via the routepwd parameter in the sub_45B238 function. | ||||
| CVE-2024-6344 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2025-07-10 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of the argument Configuration Name leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The vendor explains, that "[s]ince ZKBio CVSecurity v5000 has been withdrawn from the market, we recommend upgrading to ZKBio CVSecurity V6600 6.1.3_R or above". This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-53753 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53752 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53751 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53750 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53749 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53748 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53747 | 2025-07-10 | N/A | ||
| Not used | ||||
| CVE-2025-53746 | 2025-07-10 | N/A | ||
| Not used | ||||