Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363683 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53180 | 1 Huawei | 1 Harmonyos | 2025-07-09 | 6.5 Medium |
| Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
| CVE-2024-44905 | 1 Uptrace | 1 Pg | 2025-07-09 | 6.5 Medium |
| go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. | ||||
| CVE-2023-48978 | 1 Ncr | 1 Itm Web Terminal | 2025-07-09 | 9.8 Critical |
| An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component. | ||||
| CVE-2023-50450 | 1 Sensopart | 2 Visor Vision Sensors, Visor Vision Sensors Firmware | 2025-07-09 | 8.4 High |
| An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges. | ||||
| CVE-2025-6534 | 1 Xxyopen | 1 Novel-plus | 2025-07-09 | 4.2 Medium |
| A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6535 | 1 Xxyopen | 1 Novel-plus | 2025-07-09 | 6.3 Medium |
| A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation of the argument sort/order leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-41691 | 1 Os4ed | 1 Opensis | 2025-07-09 | 9.8 Critical |
| A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php. | ||||
| CVE-2025-44531 | 1 Realtek | 2 Rtl8762e Software Development Kit, Rtl8762ekf-evb | 2025-07-09 | 7.5 High |
| An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt. | ||||
| CVE-2024-37743 | 1 Mmz-001 | 1 Knowledgegpt | 2025-07-09 | 9.8 Critical |
| An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component. | ||||
| CVE-2025-45332 | 1 Vkoskiv | 1 C-ray | 2025-07-09 | 7.5 High |
| vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. | ||||
| CVE-2025-45333 | 1 Berkeley-abc | 1 Abc | 2025-07-09 | 7.5 High |
| berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes. | ||||
| CVE-2023-51574 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A |
| Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010. | ||||
| CVE-2025-48923 | 1 Toc.js Project | 1 Toc.js | 2025-07-09 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1. | ||||
| CVE-2025-49003 | 1 Dataease | 1 Dataease | 2025-07-09 | 9.8 Critical |
| DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. The vulnerability has been fixed in v2.10.11. No known workarounds are available. | ||||
| CVE-2025-49015 | 1 Couchbase | 1 .net Sdk | 2025-07-09 | 4.9 Medium |
| The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default. | ||||
| CVE-2025-5682 | 1 Klaro Cookie \& Consent Management Project | 1 Klaro Cookie \& Consent Management | 2025-07-09 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7. | ||||
| CVE-2025-6393 | 1 Totolink | 8 A3002r, A3002r Firmware, A3002ru and 5 more | 2025-07-09 | 8.8 High |
| A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-45786 | 1 Updategadh | 1 Real Estate Management | 2025-07-09 | 8.1 High |
| Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php. | ||||
| CVE-2025-44952 | 1 Open5gs | 1 Open5gs | 2025-07-09 | 7.8 High |
| A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101. | ||||
| CVE-2024-46313 | 1 Tp-link | 3 Tl-wr941nd, Wr941nd, Wr941nd Firmware | 2025-07-09 | 8 High |
| TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. | ||||