Search Results (363090 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3674 1 Totolink 2 A3700r, A3700r Firmware 2025-04-22 5.3 Medium
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-34231 1 Sourcecodester 1 Laboratory Management System 2025-04-22 7.1 High
A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter.
CVE-2025-32375 1 Bentoml 1 Bentoml 2025-04-22 9.8 Critical
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.
CVE-2024-33304 2 Oretnom23, Sourcecodester 2 Product Show Room Site, Product Show Room 2025-04-22 6.1 Medium
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.
CVE-2024-33306 1 Sourcecodester 1 Laboratory Management System 2025-04-22 7.4 High
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User.
CVE-2025-25457 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-22 7.5 High
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.
CVE-2025-25453 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-22 4.6 Medium
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2.
CVE-2025-25458 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-22 4.6 Medium
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2.
CVE-2025-25456 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-22 9.8 Critical
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2.
CVE-2025-25454 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-22 7.5 High
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
CVE-2025-25455 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-22 7.5 High
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
CVE-2025-3786 1 Tenda 2 Ac15, Ac15 Firmware 2025-04-22 8.8 High
A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-29462 1 Tenda 2 Ac15, Ac15 Firmware 2025-04-22 9.8 Critical
A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack.
CVE-2025-29453 1 Personal-management-system 1 Personal Management System 2025-04-22 6.5 Medium
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component.
CVE-2025-29454 1 Personal-management-system 1 Personal Management System 2025-04-22 6.5 Medium
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function.
CVE-2025-29455 1 Personal-management-system 1 Personal Management System 2025-04-22 6.5 Medium
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Travel Ideas" function.
CVE-2025-29456 1 Personal-management-system 1 Personal Management System 2025-04-22 6.5 Medium
An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the create Notes function.
CVE-2024-26135 2 Meshcentral, Ylianst 2 Meshcentral, Meshcentral 2025-04-22 8.4 High
MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.
CVE-2024-25897 1 Churchcrm 1 Churchcrm 2025-04-22 9.8 Critical
ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.
CVE-2024-25147 1 Liferay 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more 2025-04-22 9.6 Critical
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.