Search Results (366658 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42078 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-16 7.8 High
PDF-XChange Editor JP2 File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21850.
CVE-2023-42079 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-16 5.5 Medium
PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21851.
CVE-2025-3215 1 Phpgurukul 1 Restaurant Table Booking System 2025-05-16 6.3 Medium
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-3229 1 Phpgurukul 1 Restaurant Table Booking System 2025-05-16 4.7 Medium
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-subadmin.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-0272 1 Kashipara 1 Food Management System 2025-05-16 6.3 Medium
A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.
CVE-2025-3235 1 Phpgurukul 1 Old Age Home Management System 2025-05-16 6.3 Medium
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname/contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-0283 1 Kashipara 1 Food Management System 2025-05-16 3.5 Low
A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.
CVE-2025-3238 1 Phpgurukul 1 Online Fire Reporting System 2025-05-16 7.3 High
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /search-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-45841 1 Totolink 2 Nr1800x, Nr1800x Firmware 2025-05-16 6.5 Medium
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function.
CVE-2025-45842 1 Totolink 2 Nr1800x, Nr1800x Firmware 2025-05-16 8.8 High
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyCfg function.
CVE-2025-45843 1 Totolink 2 Nr1800x, Nr1800x Firmware 2025-05-16 8.8 High
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
CVE-2025-45844 1 Totolink 2 Nr1800x, Nr1800x Firmware 2025-05-16 8.8 High
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiBasicCfg function.
CVE-2025-45845 1 Totolink 2 Nr1800x, Nr1800x Firmware 2025-05-16 8.8 High
TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid5g parameter in the setWiFiEasyGuestCfg function.
CVE-2025-26845 1 Znuny 1 Znuny 2025-05-16 9.8 Critical
An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
CVE-2025-3239 1 Phpgurukul 1 Online Fire Reporting System 2025-05-16 7.3 High
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-26847 1 Znuny 1 Znuny 2025-05-16 9.1 Critical
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
CVE-2025-30101 1 Dell 1 Powerscale Onefs 2025-05-16 4.4 Medium
Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.
CVE-2025-30102 1 Dell 1 Powerscale Onefs 2025-05-16 5.5 Medium
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
CVE-2025-45787 1 Totolink 2 A3100r, A3100r Firmware 2025-05-16 6.5 Medium
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow viathe comment parameter in setIpPortFilterRules.
CVE-2025-45788 1 Totolink 2 A3100r, A3100r Firmware 2025-05-16 6.5 Medium
TOTOLINK A3100R V5.9c.1527 is vulnerable to Buffer Overflow via the comment parameter in setMacFilterRules.