Search Results (121069 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-22088 1 Qualcomm 300 Apq8009, Apq8009 Firmware, Apq8009w and 297 more 2025-04-09 9.8 Critical
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
CVE-2025-3141 1 Oretnom23 1 Online Medicine Ordering System 2025-04-09 6.3 Medium
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2014-125057 1 Robitailletheknot Project 1 Robitailletheknot 2025-04-09 3.1 Low
A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599.
CVE-2015-10032 1 Healthmateweb Project 1 Healthmateweb 2025-04-09 3.5 Low
A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The patch is named 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663.
CVE-2025-28407 1 Ruoyi 1 Ruoyi 2025-04-09 8.8 High
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId
CVE-2025-28408 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter
CVE-2025-28409 1 Ruoyi 1 Ruoyi 2025-04-09 8.8 High
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId
CVE-2025-28410 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges
CVE-2025-28411 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave
CVE-2025-28412 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
CVE-2024-54907 1 Totolink 2 A3002r, A3002r Firmware 2025-04-09 8.8 High
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc.
CVE-2025-22949 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-09 9.8 Critical
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution.
CVE-2025-22946 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-09 9.8 Critical
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution.
CVE-2024-13744 1 Booster 1 Booster For Woocommerce 2025-04-09 8.1 High
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-28400 1 Ruoyi 1 Ruoyi 2025-04-09 6.7 Medium
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVE-2025-28401 1 Ruoyi 1 Ruoyi 2025-04-09 6.7 Medium
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
CVE-2025-28402 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVE-2025-28403 1 Ruoyi 1 Ruoyi 2025-04-09 7.2 High
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings
CVE-2025-28405 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
CVE-2025-28406 1 Ruoyi 1 Ruoyi 2025-04-09 9.8 Critical
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter