Export limit exceeded: 367103 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367103 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32885 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 6.5 Medium |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. | ||||
| CVE-2025-21537 | 1 Oracle | 1 Peoplesoft Enterprise Fin Cash Management | 2025-06-20 | 5.4 Medium |
| Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (component: Cash Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Cash Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Cash Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Cash Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2025-32886 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 4 Medium |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data. | ||||
| CVE-2025-32887 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 7.1 High |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping. | ||||
| CVE-2025-32888 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 7.3 High |
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | ||||
| CVE-2025-32889 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 7.3 High |
| An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app. | ||||
| CVE-2025-32890 | 1 Gotenna | 3 Gotenna, Mesh, Mesh Firmware | 2025-06-20 | 5.3 Medium |
| An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. | ||||
| CVE-2025-3900 | 1 Colorbox Project | 1 Colorbox | 2025-06-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3. | ||||
| CVE-2025-28355 | 1 Personal-management-system | 1 Personal Management System | 2025-06-20 | 4.7 Medium |
| Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none | ||||
| CVE-2025-5033 | 1 Teacms Project | 1 Teacms | 2025-06-20 | 4.3 Medium |
| A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-51970 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | ||||
| CVE-2023-51969 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. | ||||
| CVE-2023-51967 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. | ||||
| CVE-2023-51966 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. | ||||
| CVE-2023-51965 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | ||||
| CVE-2023-51963 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | ||||
| CVE-2023-51953 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | ||||
| CVE-2023-51952 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-20 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. | ||||
| CVE-2023-51252 | 1 Publiccms | 1 Publiccms | 2025-06-20 | 5.4 Medium |
| PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. | ||||
| CVE-2023-51123 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2025-06-20 | 9.8 Critical |
| An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | ||||