Search Results (120973 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41600 1 Talelin 1 Lin-cms-spring-boot 2025-03-18 7.5 High
Insecure Permissions vulnerability in lin-CMS Springboot v.0.2.1 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.
CVE-2018-14015 1 Radare 1 Radare2 2025-03-18 5.5 Medium
The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c.
CVE-2023-37058 1 Unionman 2 Jlink Ax1800, Jlink Ax1800 Firmware 2025-03-18 9.8 Critical
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
CVE-2025-20633 1 Mediatek 5 Mt7603, Mt7615, Mt7622 and 2 more 2025-03-18 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.
CVE-2024-41572 1 Lang-learn-guy 1 Learning With Texts 2025-03-18 6.1 Medium
Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.
CVE-2023-2938 1 Google 1 Chrome 2025-03-18 4.3 Medium
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-47503 1 Solarwinds 1 Orion Platform 2025-03-18 7.2 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-47504 1 Solarwinds 1 Orion Platform 2025-03-18 7.2 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-47507 1 Solarwinds 1 Orion Platform 2025-03-18 7.2 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2024-26310 1 Archerirm 1 Archer 2025-03-18 4.3 Medium
Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.
CVE-2023-49109 1 Apache 1 Dolphinscheduler 2025-03-18 9.8 Critical
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.
CVE-2024-26313 1 Archerirm 1 Archer 2025-03-18 7.3 High
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.
CVE-2023-24078 1 Realtimelogic 1 Fuguhub 2025-03-18 8.8 High
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
CVE-2021-35261 1 Bearadmin Project 1 Bearadmin 2025-03-18 9.8 Critical
File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.
CVE-2024-57602 1 Easyappointments 1 Easyappointments 2025-03-18 9.8 Critical
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
CVE-2024-42861 1 Linuxptp Project 1 Linuxptp 2025-03-18 7.5 High
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
CVE-2024-41707 1 Archerirm 1 Archer 2025-03-18 4.8 Medium
An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVE-2024-2885 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-18 8.8 High
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-25266 1 Docmosis 1 Tornado 2025-03-18 8.8 High
An issue was discovered in Docmosis Tornado prior to version 2.9.5. An authenticated attacker can change the Office directory setting pointing to an arbitrary remote network path. This triggers the execution of the soffice binary under the attackers control leading to arbitrary remote code execution (RCE).
CVE-2023-20948 1 Google 1 Android 2025-03-18 7.5 High
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526