Search Results (312148 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-4460 1 Totolink 2 N150rt, N150rt Firmware 2025-05-23 2.4 Low
A vulnerability classified as problematic has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the component URL Filtering Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-47612 1 Flowdee 1 Clickwhale 2025-05-23 5.4 Medium
Missing Authorization vulnerability in flowdee ClickWhale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ClickWhale: from n/a through 2.4.6.
CVE-2024-51547 1 Abb 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more 2025-05-23 9.8 Critical
Use of Hard-coded Credentials vulnerability in ABB ASPECT-Enterprise, ABB NEXUS Series, ABB MATRIX Series.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2025-4008 2025-05-23 N/A
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
CVE-2023-6371 1 Gitlab 1 Gitlab 2025-05-23 8.7 High
An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
CVE-2023-4378 1 Gitlab 1 Gitlab 2025-05-23 5.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.
CVE-2015-7848 2 Netapp, Ntp 6 Clustered Data Ontap, Data Ontap Operating In 7-mode, Oncommand Balance and 3 more 2025-05-23 7.5 High
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.
CVE-2024-36761 1 Gfx-rs 2 Naga, Wgpu 2025-05-23 9.8 Critical
naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs.
CVE-2025-4642 2025-05-22 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-4562 2025-05-22 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-40864 1 Tendacn 4 Ac15, Ac15 Firmware, Ac18 and 1 more 2025-05-22 9.8 Critical
Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet
CVE-2022-40862 1 Tendacn 4 Ac15, Ac15 Firmware, Ac18 and 1 more 2025-05-22 9.8 Critical
Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting
CVE-2022-40860 1 Tendacn 2 Ac15, Ac15 Firmware 2025-05-22 9.8 Critical
Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList
CVE-2022-40853 1 Tendacn 2 Ac15, Ac15 Firmware 2025-05-22 9.8 Critical
Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
CVE-2022-40093 1 Online Tours And Travels Management System Project 1 Online Tours And Travels Management System 2025-05-22 7.2 High
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.
CVE-2022-40092 1 Online Tours And Travels Management System Project 1 Online Tours And Travels Management System 2025-05-22 7.2 High
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.
CVE-2022-40091 1 Online Tours And Travels Management System Project 1 Online Tours And Travels Management System 2025-05-22 7.2 High
Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php.
CVE-2022-35257 1 Ui 1 Desktop 2025-05-22 7.8 High
A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM.
CVE-2022-35097 1 Swftools 1 Swftools 2025-05-22 5.5 Medium
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.
CVE-2022-33681 2 Apache, Redhat 2 Pulsar, Camel Spring Boot 2025-05-22 5.9 Medium
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the server’s TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client’s authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted hostname does not match a hostname on the certificate. Because the client eventually closes the connection, the value of the intercepted authentication data depends on the authentication method used by the client. Token based authentication and username/password authentication methods are vulnerable because the authentication data can be used to impersonate the client in a separate session. This issue affects Apache Pulsar Java Client versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.