Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53307 1 Evisions 1 Maps 2025-06-23 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
CVE-2025-25940 1 Visicut 1 Visicut 2025-06-23 9.8 Critical
VisiCut 2.1 allows code execution via Insecure XML Deserialization in the loadPlfFile method of VisicutModel.java.
CVE-2025-28197 1 Kidocode 1 Crawl4ai 2025-06-23 9.1 Critical
Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
CVE-2025-3795 1 Daicuo 1 Daicuo 2025-06-23 2.4 Low
A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-25382 1 Ikm 1 Sanchaya 2025-06-23 7.5 High
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request.
CVE-2025-25620 1 Changeweb 1 Unifiedtransform 2025-06-23 5.4 Medium
Unifiedtransform 2.0 is vulnerable to Cross Site Scripting (XSS) in the Create assignment function.
CVE-2024-53591 1 Seclore 1 Seclore 2025-06-23 9.8 Critical
An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
CVE-2024-42733 1 Docmosis 1 Tornado 2025-06-23 9.8 Critical
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input
CVE-2025-46646 1 Artifex 1 Ghostscript 2025-06-23 4.5 Medium
In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.
CVE-2025-27190 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-06-23 5.3 Medium
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.
CVE-2025-3577 1 Zyxel 2 Amg1302-t10b, Amg1302-t10b Firmware 2025-06-23 4.9 Medium
**UNSUPPORTED WHEN ASSIGNED** A path traversal vulnerability in the web management interface of the Zyxel AMG1302-T10B firmware version 2.00(AAJC.16)C0 could allow an authenticated attacker with administrator privileges to access restricted directories by sending a crafted HTTP request to an affected device.
CVE-2025-6143 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-23 8.8 High
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6144 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-23 8.8 High
A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6145 1 Totolink 2 Ex1200t, Ex1200t Firmware 2025-06-23 8.8 High
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6146 1 Totolink 2 X15, X15 Firmware 2025-06-23 8.8 High
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6147 1 Totolink 2 A702r, A702r Firmware 2025-06-23 8.8 High
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6148 1 Totolink 2 A3002ru, A3002ru Firmware 2025-06-23 8.8 High
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6149 1 Totolink 2 A3002r, A3002r Firmware 2025-06-23 8.8 High
A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-6150 1 Totolink 2 X15, X15 Firmware 2025-06-23 8.8 High
A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-27206 1 Adobe 4 Adobe Commerce, Commerce, Commerce B2b and 1 more 2025-06-23 5.3 Medium
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited write access. Exploitation of this issue does not require user interaction.