Search Results (342334 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8437 | 1 Plugingarden | 1 Wp Easy Gallery | 2025-05-29 | 4.3 Medium |
| The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries. | ||||
| CVE-2024-50690 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | 6.5 Medium |
| SunGrow WiNet-SV200.001.00.P027 and earlier versions contain a hardcoded password that can be used to decrypt all firmware updates. | ||||
| CVE-2024-50692 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | 5.4 Medium |
| SunGrow WiNet-SV200.001.00.P027 and earlier versions contain hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level. | ||||
| CVE-2024-50694 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | 9.8 Critical |
| In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when copying the timestamp read from an MQTT message, the underlying code does not check the bounds of the buffer that is used to store the message. This may lead to a stack-based buffer overflow. | ||||
| CVE-2024-50695 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | 9.8 Critical |
| SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks. | ||||
| CVE-2024-50697 | 1 Sungrowpower | 2 Winet-s, Winet-s Firmware | 2025-05-29 | 8.1 High |
| In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow. | ||||
| CVE-2024-57590 | 1 Trendnet | 2 Tew-632brp, Tew-632brp Firmware | 2025-05-29 | 9.8 Critical |
| TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request. | ||||
| CVE-2025-0993 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. | ||||
| CVE-2025-1110 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 2.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | ||||
| CVE-2025-2853 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | ||||
| CVE-2025-3111 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service. | ||||
| CVE-2025-0605 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.6 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | ||||
| CVE-2025-0679 | 1 Gitlab | 1 Gitlab | 2025-05-29 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | ||||
| CVE-2025-44884 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function. | ||||
| CVE-2025-44885 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the remote_ip parameter in the web_snmpv3_remote_engineId_add_post function. | ||||
| CVE-2025-44886 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function. | ||||
| CVE-2025-44887 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function. | ||||
| CVE-2025-44888 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function. | ||||
| CVE-2025-44890 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the host_ip parameter in the web_snmp_notifyv3_add_post function. | ||||
| CVE-2025-44883 | 1 Planet | 2 Wgs-804hpt, Wgs-804hpt Firmware | 2025-05-29 | 9.8 Critical |
| FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the tacIp parameter in the web_tacplus_serverEdit_post function. | ||||