Export limit exceeded: 363161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32003 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2025-07-03 | 5.3 Medium |
| `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | ||||
| CVE-2024-46409 | 1 Seeddms | 1 Seeddms | 2025-07-03 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page. | ||||
| CVE-2023-20217 | 1 Cisco | 2 Thousandeyes Enterprise Agent, Thousandeyes Recorder | 2025-07-03 | 5.5 Medium |
| A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device. | ||||
| CVE-2023-39454 | 1 Elecom | 6 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 3 more | 2025-07-03 | 9.8 Critical |
| Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. | ||||
| CVE-2023-4410 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2025-07-03 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45919 | 1 Solvait | 1 Solvait | 2025-07-03 | 6.5 Medium |
| A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an attacker can bypass approval workflows leading to unauthorized access to sensitive information or approval of fraudulent requests. | ||||
| CVE-2024-46535 | 2 Jepass, Ketr | 2 Jepass, Jepaas | 2025-07-03 | 9.8 Critical |
| Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg. | ||||
| CVE-2024-42901 | 1 Limesurvey | 1 Limesurvey | 2025-07-03 | 4.8 Medium |
| A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. | ||||
| CVE-2024-42902 | 1 Limesurvey | 1 Limesurvey | 2025-07-03 | 8.8 High |
| An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function | ||||
| CVE-2024-41435 | 1 Yugabyte | 1 Yugabytedb | 2025-07-03 | 7.5 High |
| YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | ||||
| CVE-2024-41436 | 1 Clickhouse | 1 Clickhouse | 2025-07-03 | 7.5 High |
| ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | ||||
| CVE-2024-42885 | 1 Esafenet | 1 Cdg | 2025-07-03 | 9.1 Critical |
| SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. | ||||
| CVE-2024-42759 | 1 Ellevo | 1 Ellevo | 2025-07-03 | 6.3 Medium |
| An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. | ||||
| CVE-2024-44085 | 1 Onlyoffice | 2 Docs, Onlyoffice | 2025-07-03 | 6.1 Medium |
| ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. | ||||
| CVE-2023-37229 | 1 Loftware | 1 Spectrum | 2025-07-03 | 8.8 High |
| Loftware Spectrum before 5.1 allows SSRF. | ||||
| CVE-2024-34198 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-07-03 | 9.8 Critical |
| TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. | ||||
| CVE-2024-57599 | 1 Douco | 1 Douphp | 2025-07-03 | 4.8 Medium |
| Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php | ||||
| CVE-2024-55215 | 1 Jrohy | 1 Trojan | 2025-07-03 | 9.8 Critical |
| An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. | ||||
| CVE-2024-57357 | 1 Tp-link | 2 Tl-wpa8630, Tl-wpa8630 Firmware | 2025-07-03 | 8 High |
| An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'. | ||||
| CVE-2025-1186 | 1 Xunruicms | 1 Xunruicms | 2025-07-03 | 6.3 Medium |
| A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||