Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46852 1 Dotcamp 1 Wp Table Builder 2025-06-06 5.9 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions.
CVE-2024-38894 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 5.3 Medium
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVE-2024-38892 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 6.5 Medium
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
CVE-2024-33373 1 Lb-link 2 Bl-w1210m, Bl-w1210m Firmware 2025-06-06 6.3 Medium
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack.
CVE-2024-38950 1 Struktur 1 Libde265 2025-06-06 6.5 Medium
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.
CVE-2024-38949 1 Struktur 1 Libde265 2025-06-06 6.5 Medium
Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc
CVE-2024-38895 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 5.3 Medium
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
CVE-2024-38896 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 5.3 Medium
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVE-2024-38897 1 Wavlink 2 Wn551k1, Wn551k1 Firmware 2025-06-06 5.3 Medium
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
CVE-2024-37662 1 Tp-link 2 Tl-7dr5130, Tl-7dr5130 Firmware 2025-06-06 6.3 Medium
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.
CVE-2024-37661 1 Tp-link 2 Tl-7dr5130, Tl-7dr5130 Firmware 2025-06-06 6.3 Medium
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.
CVE-2024-5155 1 Ravster 1 Inquiry Cart 2025-06-06 6.1 Medium
The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2024-3636 1 Pinpoint 1 Pinpoint Booking System 2025-06-06 5.4 Medium
The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-6390 1 Expresstech 1 Quiz And Survey Master 2025-06-06 5.9 Medium
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
CVE-2025-23216 2 Argoproj, Redhat 2 Argo Cd, Openshift Gitops 2025-06-06 6.8 Medium
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.
CVE-2025-5624 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-06-06 9.8 Critical
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-5621 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-06-06 7.3 High
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-5620 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-06-06 7.3 High
A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-5622 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-06-06 9.8 Critical
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-5623 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-06-06 9.8 Critical
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.