Search Results (121007 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-42813 1 Trendnet 2 Tew-752dru, Tew-752dru Firmware 2025-04-01 9.8 Critical
In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length verification for the service field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVE-2024-29684 1 Dedecms 1 Dedecms 2025-04-01 9.8 Critical
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.
CVE-2024-2862 1 Lg 1 Lg Led Assistant 2025-04-01 9.1 Critical
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.
CVE-2025-2740 1 Phpgurukul 1 Old Age Home Management System 2025-04-01 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the argument pagetitle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-55964 1 Appsmith 1 Appsmith 2025-04-01 9.8 Critical
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
CVE-2022-31711 1 Vmware 1 Vrealize Log Insight 2025-04-01 5.3 Medium
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
CVE-2022-31710 1 Vmware 1 Vrealize Log Insight 2025-04-01 7.5 High
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
CVE-2022-25860 1 Simple-git Project 1 Simple-git 2025-04-01 8.1 High
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).
CVE-2025-2852 1 Oretnom23 1 Food Ordering Management System 2025-04-01 4.7 Medium
A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/menus/view_menu.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2835 1 Zhyd 1 Oneblog 2025-04-01 4.3 Medium
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2833 1 Zhyd 1 Oneblog 2025-04-01 5.3 Medium
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-28361 1 Telesquare 2 Tlr-2005ksh, Tlr-2005ksh Firmware 2025-04-01 7.5 High
Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.
CVE-2024-1783 1 Totolink 2 Lr1200gb, Lr1200gb Firmware 2025-04-01 9.8 Critical
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-25866 1 Codeastro 1 Membership Management System 2025-04-01 8.8 High
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.
CVE-2024-25867 1 Codeastro 1 Membership Management System 2025-04-01 9.1 Critical
A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.
CVE-2024-25868 1 Codeastro 1 Membership Management System 2025-04-01 6.1 Medium
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component.
CVE-2024-25869 1 Codeastro 1 Membership Management System 2025-04-01 8.8 High
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.
CVE-2023-24494 1 Tenable 1 Tenable.sc 2025-04-01 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.
CVE-2022-47767 1 Solar-log 18 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 15 more 2025-04-01 9.8 Critical
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
CVE-2022-25894 1 Uflo Project 1 Uflo 2025-04-01 9.8 Critical
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.