Export limit exceeded: 363683 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-53180 1 Huawei 1 Harmonyos 2025-07-09 6.5 Medium
Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2024-44905 1 Uptrace 1 Pg 2025-07-09 6.5 Medium
go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
CVE-2023-48978 1 Ncr 1 Itm Web Terminal 2025-07-09 9.8 Critical
An issue in NCR ITM Web terminal v.4.4.0 and v.4.4.4 allows a remote attacker to execute arbitrary code via a crafted script to the IP camera URL component.
CVE-2023-50450 1 Sensopart 2 Visor Vision Sensors, Visor Vision Sensors Firmware 2025-07-09 8.4 High
An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges.
CVE-2025-6534 1 Xxyopen 1 Novel-plus 2025-07-09 4.2 Medium
A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6535 1 Xxyopen 1 Novel-plus 2025-07-09 6.3 Medium
A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation of the argument sort/order leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2021-41691 1 Os4ed 1 Opensis 2025-07-09 9.8 Critical
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.
CVE-2025-44531 1 Realtek 2 Rtl8762e Software Development Kit, Rtl8762ekf-evb 2025-07-09 7.5 High
An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.
CVE-2024-37743 1 Mmz-001 1 Knowledgegpt 2025-07-09 9.8 Critical
An issue in mmzdev KnowledgeGPT V.0.0.5 allows a remote attacker to execute arbitrary code via the Document Display Component.
CVE-2025-45332 1 Vkoskiv 1 C-ray 2025-07-09 7.5 High
vkoskiv c-ray 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the parse_mtllib function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.
CVE-2025-45333 1 Berkeley-abc 1 Abc 2025-07-09 7.5 High
berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.
CVE-2023-51574 1 Voltronicpower 1 Viewpower 2025-07-09 N/A
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22010.
CVE-2025-48923 1 Toc.js Project 1 Toc.js 2025-07-09 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1.
CVE-2025-49003 1 Dataease 1 Dataease 2025-07-09 9.8 Critical
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. The vulnerability has been fixed in v2.10.11. No known workarounds are available.
CVE-2025-49015 1 Couchbase 1 .net Sdk 2025-07-09 4.9 Medium
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
CVE-2025-5682 1 Klaro Cookie \& Consent Management Project 1 Klaro Cookie \& Consent Management 2025-07-09 4.3 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7.
CVE-2025-6393 1 Totolink 8 A3002r, A3002r Firmware, A3002ru and 5 more 2025-07-09 8.8 High
A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-45786 1 Updategadh 1 Real Estate Management 2025-07-09 8.1 High
Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php.
CVE-2025-44952 1 Open5gs 1 Open5gs 2025-07-09 7.8 High
A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than 101.
CVE-2024-46313 1 Tp-link 3 Tl-wr941nd, Wr941nd, Wr941nd Firmware 2025-07-09 8 High
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.