Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363994 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20094 | 1 Mediatek | 21 Mt2735, Mt6833, Mt6853 and 18 more | 2025-04-25 | 7.5 High |
| In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. | ||||
| CVE-2024-20098 | 3 Google, Linuxfoundation, Mediatek | 20 Android, Yocto, Mt6768 and 17 more | 2025-04-25 | 6.7 Medium |
| In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. | ||||
| CVE-2024-20099 | 3 Google, Linuxfoundation, Mediatek | 8 Android, Yocto, Mt6768 and 5 more | 2025-04-25 | 6.7 Medium |
| In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. | ||||
| CVE-2024-20100 | 2 Google, Mediatek | 19 Android, Iot Yocto, Mt3605 and 16 more | 2025-04-25 | 9.8 Critical |
| In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. | ||||
| CVE-2024-50960 | 1 Extron | 8 Sme 211, Sme 211 Firmware, Smp 111 and 5 more | 2025-04-25 | 7.2 High |
| A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system. | ||||
| CVE-2025-29043 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | 9.8 Critical |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234 | ||||
| CVE-2025-29042 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | 9.8 Critical |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c | ||||
| CVE-2025-29039 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | 7.2 High |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | ||||
| CVE-2021-35246 | 1 Solarwinds | 1 Engineer\'s Toolset | 2025-04-25 | 5.3 Medium |
| The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users. | ||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2025-04-25 | 5.4 Medium |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | ||||
| CVE-2022-41568 | 1 Linecorp | 1 Line | 2025-04-25 | 7.5 High |
| LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat. | ||||
| CVE-2022-3848 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-25 | 8.8 High |
| The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin | ||||
| CVE-2022-3833 | 1 Thematosoup | 1 Fancier Author Box | 2025-04-25 | 4.8 Medium |
| The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3822 | 1 Tipsandtricks-hq | 1 Donations Via Paypal | 2025-04-25 | 4.8 Medium |
| The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2025-04-25 | 9 Critical |
| PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when a low privileged user such as an author, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation. | ||||
| CVE-2022-37720 | 1 Orchardcore | 1 Orchard Cms | 2025-04-25 | 9 Critical |
| Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low privileged user such as an author or publisher, injects a crafted html and javascript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | ||||
| CVE-2022-36133 | 1 Epson | 18 Tm-c3500, Tm-c3500 Firmware, Tm-c3510 and 15 more | 2025-04-25 | 9.1 Critical |
| The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500 allows authentication bypass. | ||||
| CVE-2022-2721 | 1 Octopus | 1 Octopus Server | 2025-04-25 | 7.5 High |
| In affected versions of Octopus Server it is possible for target discovery to print certain values marked as sensitive to log files in plaint-text in when verbose logging is enabled. | ||||
| CVE-2022-0698 | 1 Microweber | 1 Microweber | 2025-04-25 | 6.1 Medium |
| Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | ||||
| CVE-2022-2650 | 1 Wger | 1 Wger | 2025-04-25 | 9.8 Critical |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. | ||||