Search Results (121010 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-2094 1 Totolink 2 Ex1800t, Ex1800t Firmware 2025-04-03 6.3 Medium
A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. It has been rated as critical. Affected by this issue is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliKey/key leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2095 1 Totolink 2 Ex1800t, Ex1800t Firmware 2025-04-03 6.3 Medium
A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This affects the function setDmzCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2097 1 Totolink 2 Ex1800t, Ex1800t Firmware 2025-04-03 8.8 High
A vulnerability, which was classified as critical, has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This issue affects the function setRptWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument loginpass leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2096 1 Totolink 2 Ex1800t, Ex1800t Firmware 2025-04-03 6.3 Medium
A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function setRebootScheCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mode/week/minute/recHour leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-31065 2 Munyweki, Sourcecodester 2 Insurance Management System, Insurance Management System 2025-04-03 6.1 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field.
CVE-2024-31064 1 Munyweki 1 Insurance Management System 2025-04-03 6.1 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field.
CVE-2024-31063 1 Munyweki 1 Insurance Management System 2025-04-03 6.4 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field.
CVE-2023-22617 1 Powerdns 1 Recursor 2025-04-03 7.5 High
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.
CVE-2022-38725 1 Oneidentity 2 Syslog-ng, Syslog-ng Store Box 2025-04-03 7.5 High
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.
CVE-2020-24901 1 Krpano 1 Krpano 2025-04-03 6.1 Medium
The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugin[test].url.
CVE-2024-31062 1 Munyweki 1 Insurance Management System 2025-04-03 6.3 Medium
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field.
CVE-2024-13074 1 Phpgurukul 1 Land Record System 2025-04-03 3.5 Low
A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13092 1 Code-projects 1 Job Recruitment 2025-04-03 6.3 Medium
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-13093 1 Code-projects 1 Job Recruitment 2025-04-03 6.3 Medium
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of the component Seeker Profile Handler. The manipulation of the argument s1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-40655 1 Nikon 1 Nis-elements Viewer 2025-04-03 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ND2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15071.
CVE-2025-0171 1 Code-projects 1 Chat System 2025-04-03 6.3 Medium
A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0172 1 Code-projects 1 Chat System 2025-04-03 6.3 Medium
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0176 1 Code-projects 1 Point Of Sales And Inventory Management System 2025-04-03 6.3 Medium
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/add_cart.php. The manipulation of the argument id/qty leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-55507 1 Codeastro 1 Complaint Management System 2025-04-03 9.8 Critical
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.
CVE-2024-12963 1 Code-projects 1 Job Recruitment 2025-04-03 7.3 High
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /_parse/_all_edits.php. The manipulation of the argument job_company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.