Search Results (121072 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41586 1 Draytek 2 Vigor3910, Vigor3910 Firmware 2025-04-10 8 High
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
CVE-2024-33835 1 Tenda 2 Ac18, Ac18 Firmware 2025-04-10 9.8 Critical
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
CVE-2024-24486 2 Silex, Silextechnology 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware 2025-04-10 9.1 Critical
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command.
CVE-2021-4302 1 Phpwcms 1 Phpwcms 2025-04-10 3.5 Low
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419.
CVE-2024-24487 2 Silex, Silextechnology 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware 2025-04-10 6.8 Medium
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.
CVE-2024-24485 2 Silex, Silextechnology 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware 2025-04-10 7.5 High
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command.
CVE-2025-25507 1 Tenda 2 Ac6, Ac6 Firmware 2025-04-10 6.5 Medium
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
CVE-2025-0996 1 Google 1 Chrome 2025-04-10 5.4 Medium
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0995 1 Google 1 Chrome 2025-04-10 8.8 High
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-1851 1 Tenda 2 Ac7, Ac7 Firmware 2025-04-10 8.8 High
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2018-25068 1 Globalpom-utils Project 1 Globalpom-utils 2025-04-10 6.3 Medium
A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability.
CVE-2015-10019 1 Mysimplifiedsql Project 1 Mysimplifiedsql 2025-04-10 3.5 Low
A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The patch is named 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595.
CVE-2025-2196 1 Mrcms 1 Mrcms 2025-04-10 3.5 Low
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-44149 1 Nexxtsolutions 2 Amp300, Amp300 Firmware 2025-04-09 8.8 High
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
CVE-2025-2193 1 Mrcms 1 Mrcms 2025-04-09 5.4 Medium
A vulnerability has been found in MRCMS 3.1.2 and classified as critical. This vulnerability affects the function delete of the file /admin/file/delete.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path/name leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2194 1 Mrcms 1 Mrcms 2025-04-09 3.5 Low
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2195 1 Mrcms 1 Mrcms 2025-04-09 3.5 Low
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-5457 1 Ailux 1 Imx6 2025-04-09 7.5 High
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2025-3119 1 Oretnom23 1 Online Tutor Portal 2025-04-09 6.3 Medium
A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3137 1 Phpgurukul 1 Online Security Guards Hiring System 2025-04-09 7.3 High
A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.