Export limit exceeded: 364725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13106 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13107 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13108 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25741 | 1 Dlink | 2 Dir-853, Dir-853 Firmware | 2025-05-02 | 5.4 Medium |
| D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module. | ||||
| CVE-2025-25740 | 1 Dlink | 2 Dir-853, Dir-853 Firmware | 2025-05-02 | 5.5 Medium |
| D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module. | ||||
| CVE-2025-25745 | 1 Dlink | 2 Dir-853, Dir-853 Firmware | 2025-05-02 | 8.8 High |
| D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module. | ||||
| CVE-2022-28763 | 1 Zoom | 3 Meetings, Rooms For Conference Rooms, Virtual Desktop Infrastructure | 2025-05-02 | 8.8 High |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. | ||||
| CVE-2022-39018 | 1 M-files | 1 Hubshare | 2025-05-02 | 8.2 High |
| Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. | ||||
| CVE-2021-27784 | 1 Hcltech | 1 Hcl Launch Container Image | 2025-05-02 | 5.9 Medium |
| The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages. | ||||
| CVE-2023-4502 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2025-05-02 | 4.8 Medium |
| The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters. | ||||
| CVE-2023-4270 | 1 Codeastrology | 1 Min Max Control | 2025-05-02 | 6.1 Medium |
| The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-35670 | 1 Google | 1 Android | 2025-05-02 | 7.8 High |
| In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2004-0230 | 7 Juniper, Mcafee, Microsoft and 4 more | 12 Junos, Network Data Loss Prevention, Windows 2000 and 9 more | 2025-05-02 | N/A |
| TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | ||||
| CVE-2024-1367 | 1 Tenable | 1 Security Center | 2025-05-02 | 7.2 High |
| A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host. | ||||
| CVE-2024-47121 | 1 Gotenna | 1 Gotenna Pro | 2025-05-02 | 5.3 Medium |
| The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via encrypted broadcast with that particular key. This only applies when the key is broadcasted over RF. This is an optional feature, so it is recommended to use local QR encryption key sharing for additional security on this and previous versions. | ||||
| CVE-2023-4036 | 1 Riverforest-wp | 1 Simple Blog Card | 2025-05-02 | 4.3 Medium |
| The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones | ||||
| CVE-2023-43496 | 1 Jenkins | 1 Jenkins | 2025-05-02 | 8.8 High |
| Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | ||||
| CVE-2022-43227 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-02 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/admin/?page=appointments/view_appointment. | ||||
| CVE-2020-21428 | 1 Freeimage Project | 1 Freeimage | 2025-05-02 | 3.3 Low |
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | ||||
| CVE-2022-24936 | 1 Silabs | 1 Gecko Bootloader | 2025-05-02 | 8.3 High |
| Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade. | ||||