Export limit exceeded: 363262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-48233 1 Mipjz Project 1 Mipjz 2025-07-07 4.8 Medium
mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter.
CVE-2024-48270 1 Misstt123 1 Oasys 2025-07-07 7.5 High
An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack.
CVE-2024-4839 1 Lollms 1 Lollms-webui 2025-07-07 3.3 Low
A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent.
CVE-2021-3186 1 Tenda 2 Ac5, Ac5 Firmware 2025-07-07 5.4 Medium
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
CVE-2020-28095 1 Tenda 2 Ac6, Ac6 Firmware 2025-07-07 7.5 High
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
CVE-2019-16869 4 Canonical, Debian, Netty and 1 more 14 Ubuntu Linux, Debian Linux, Netty and 11 more 2025-07-07 7.5 High
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CVE-2024-48597 2 Angeljudesuarez, Online Clinic Management System Project 2 Online Clinic Management System, Online Clinic Management System 2025-07-07 8.1 High
Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit.
CVE-2024-50986 1 Clementine-player 1 Clementine 2025-07-07 7.3 High
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
CVE-2024-51091 1 Seajs 1 Seajs 2025-07-07 5.4 Medium
Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package
CVE-2024-46450 1 Tenda 2 Ac6, Ac6 Firmware 2025-07-07 8.1 High
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVE-2024-40503 1 Tenda 2 Ax12, Ax12 Firmware 2025-07-07 6.5 Medium
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
CVE-2024-48192 1 Tenda 2 G3, G3 Firmware 2025-07-07 8 High
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root
CVE-2024-40412 1 Tenda 2 Ax12, Ax12 Firmware 2025-07-07 6.8 Medium
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
CVE-2024-51568 2 Cyber Panel, Cyberpanel 2 Cyber Panel, Cyberpanel 2025-07-07 10 Critical
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
CVE-2024-50983 1 Getflightpath 1 Flightpath 2025-07-07 6.1 Medium
FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.
CVE-2024-40515 2 Tenda, Tendacn 3 Ax2 Pro, Ax2 Pro Firmware, Ax2 Pro 2025-07-07 9.8 Critical
An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.
CVE-2024-33365 2 Tenda, Tendacn 3 Ac10, Ac10 Firmware, Ac10 Firmware 2025-07-07 7.5 High
Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.
CVE-2024-6165 1 Wanotifier 1 Wanotifier 2025-07-07 4.8 Medium
The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-29030 1 Usememos 1 Memos 2025-07-07 5.8 Medium
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.
CVE-2024-29028 1 Usememos 1 Memos 2025-07-07 5.8 Medium
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.