Export limit exceeded: 363807 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363807 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-6676 1 Gbyte 1 Simple Xml Sitemap 2025-07-11 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2.
CVE-2025-6677 1 Paragraphs Table Project 1 Paragraphs Table 2025-07-11 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5.
CVE-2025-48908 1 Huawei 1 Harmonyos 2025-07-11 6.7 Medium
Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-48907 1 Huawei 1 Harmonyos 2025-07-11 6.2 Medium
Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-6735 1 Juzaweb 1 Cms 2025-07-11 6.3 Medium
A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6736 1 Juzaweb 1 Cms 2025-07-11 6.3 Medium
A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-1704 1 Google 1 Chrome Os 2025-07-11 6.5 Medium
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
CVE-2025-44039 1 Cpplusworld 2 Cp-xr-de21-s, Cp-xr-de21-s Firmware 2025-07-11 5.1 Medium
CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication.
CVE-2025-2762 1 Carlinkit 2 Autokit, Cpc200-ccpa 2025-07-11 N/A
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-25948.
CVE-2025-2073 2 Google, Linux 2 Chrome Os, Linux Kernel 2025-07-11 8.8 High
Out-of-Bounds Read in netfilter/ipset in Linux Kernel ChromeOS [6.1, 5.15, 5.10, 5.4, 4.19] allows a local attacker with low privileges to trigger an out-of-bounds read, potentially leading to information disclosure
CVE-2025-2763 1 Carlinkit 2 Autokit, Cpc200-ccpa 2025-07-11 N/A
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of update packages on USB drives. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24356.
CVE-2025-2764 1 Carlinkit 2 Autokit, Cpc200-ccpa 2025-07-11 N/A
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of update packages provided to update.cgi. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24355.
CVE-2025-2765 1 Carlinkit 2 Autokit, Cpc200-ccpa 2025-07-11 8.8 High
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the wireless hotspot. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-24349.
CVE-2024-28265 1 Ibos 1 Ibos 2025-07-11 9.1 Critical
IBOS v4.5.5 has an arbitrary file deletion vulnerability via \system\modules\dashboard\controllers\LoginController.php.
CVE-2024-48059 1 Gaizhenbiao 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt 2025-07-11 6.1 Medium
gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is executed in the victim's browser.
CVE-2024-40715 1 Veeam 2 Backup \& Replication, Veeam Backup \& Replication 2025-07-11 N/A
A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform Man-in-the-Middle (MITM) attack to exploit this vulnerability.
CVE-2025-1290 2 Google, Linux 2 Chrome Os, Linux Kernel 2025-07-11 8.1 High
A race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. Concurrent allocation and freeing of the virtio_vsock_sock structure during an AF_VSOCK connect syscall can occur before a worker thread accesses it resulting in a dangling pointer and potential kernel code execution.
CVE-2024-39710 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-11 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39711 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-11 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39712 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-11 N/A
Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.