Export limit exceeded: 338166 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338166 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45492 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2025-05-13 | 6.5 Medium |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. | ||||
| CVE-2025-45491 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 9.8 Critical |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. | ||||
| CVE-2025-45490 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. | ||||
| CVE-2025-45489 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. | ||||
| CVE-2025-45488 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. | ||||
| CVE-2025-45487 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-05-13 | 6.5 Medium |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. | ||||
| CVE-2025-23379 | 1 Dell | 1 Storage Manager | 2025-05-13 | 3.5 Low |
| Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2025-2657 | 1 Projectworlds | 1 Apartment Visitors Management System | 2025-05-13 | 7.3 High |
| A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /front.php. The manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-22479 | 1 Dell | 1 Storage Manager | 2025-05-13 | 3.5 Low |
| Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection. | ||||
| CVE-2023-45892 | 1 Floorsightsoftware | 1 Insight | 2025-05-13 | 7.5 High |
| An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | ||||
| CVE-2022-43968 | 1 Concretecms | 1 Concrete Cms | 2025-05-13 | 6.1 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
| CVE-2022-43967 | 1 Concretecms | 1 Concrete Cms | 2025-05-13 | 6.1 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
| CVE-2022-43695 | 1 Concretecms | 1 Concrete Cms | 2025-05-13 | 4.8 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. | ||||
| CVE-2022-43295 | 1 Xpdfreader | 1 Xpdf | 2025-05-13 | 5.5 Medium |
| XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. | ||||
| CVE-2022-42060 | 1 Tenda | 2 W15e, W15e Firmware | 2025-05-13 | 7.5 High |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. | ||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | 8.8 High |
| GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | ||||
| CVE-2022-2908 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| A potential DoS vulnerability was discovered in Gitlab CE/EE versions starting from 10.7 before 15.1.5, all versions starting from 15.2 before 15.2.3, all versions starting from 15.3 before 15.3.1 allowed an attacker to trigger high CPU usage via a special crafted input added in the Commit message field. | ||||
| CVE-2022-2834 | 1 Helpful Project | 1 Helpful | 2025-05-13 | 5.3 Medium |
| The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings | ||||
| CVE-2022-2630 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 4.3 Medium |
| An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events. | ||||
| CVE-2022-2592 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. | ||||