Export limit exceeded: 363785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3186 1 Tenda 2 Ac5, Ac5 Firmware 2025-07-07 5.4 Medium
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
CVE-2020-28095 1 Tenda 2 Ac6, Ac6 Firmware 2025-07-07 7.5 High
On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop.
CVE-2019-16869 4 Canonical, Debian, Netty and 1 more 14 Ubuntu Linux, Debian Linux, Netty and 11 more 2025-07-07 7.5 High
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CVE-2024-48597 2 Angeljudesuarez, Online Clinic Management System Project 2 Online Clinic Management System, Online Clinic Management System 2025-07-07 8.1 High
Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit.
CVE-2024-50986 1 Clementine-player 1 Clementine 2025-07-07 7.3 High
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.
CVE-2024-51091 1 Seajs 1 Seajs 2025-07-07 5.4 Medium
Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package
CVE-2024-46450 1 Tenda 2 Ac6, Ac6 Firmware 2025-07-07 8.1 High
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request.
CVE-2024-40503 1 Tenda 2 Ax12, Ax12 Firmware 2025-07-07 6.5 Medium
An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling.
CVE-2024-48192 1 Tenda 2 G3, G3 Firmware 2025-07-07 8 High
Tenda G3 v15.01.0.5(2848_755)_EN was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root
CVE-2024-40412 1 Tenda 2 Ax12, Ax12 Firmware 2025-07-07 6.8 Medium
Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function.
CVE-2024-51568 2 Cyber Panel, Cyberpanel 2 Cyber Panel, Cyberpanel 2025-07-07 10 Critical
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
CVE-2024-50983 1 Getflightpath 1 Flightpath 2025-07-07 6.1 Medium
FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into the Last Name section in the Create/Edit Faculty/Staff User or Create/Edit Student User sections.
CVE-2024-40515 2 Tenda, Tendacn 3 Ax2 Pro, Ax2 Pro Firmware, Ax2 Pro 2025-07-07 9.8 Critical
An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality.
CVE-2024-33365 2 Tenda, Tendacn 3 Ac10, Ac10 Firmware, Ac10 Firmware 2025-07-07 7.5 High
Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component.
CVE-2024-6165 1 Wanotifier 1 Wanotifier 2025-07-07 4.8 Medium
The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-29030 1 Usememos 1 Memos 2025-07-07 5.8 Medium
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file.
CVE-2024-29028 1 Usememos 1 Memos 2025-07-07 5.8 Medium
memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.
CVE-2024-1601 1 Lollms 1 Lollms-webui 2025-07-07 9.8 Critical
An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the 'id' parameter, an attacker can manipulate SQL queries to delete all records from the 'discussion' and 'message' tables. This issue is due to improper neutralization of special elements used in an SQL command.
CVE-2023-43292 2 Rems, Sourcecodester 2 My Food Recipe, My Food Recipe Using Php 2025-07-07 6.1 Medium
Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters.
CVE-2024-1569 1 Lollms 1 Lollms-webui 2025-07-07 7.5 High
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.