Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44411 | 2 D-link, Dlink | 3 Di-8300, Di-8300, Di-8300 Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | ||||
| CVE-2024-57045 | 1 Dlink | 2 Dir-859 A3, Dir-859 A3 Firmware | 2025-05-21 | 9.8 Critical |
| A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page. | ||||
| CVE-2024-34950 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. | ||||
| CVE-2024-33111 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2025-05-21 | 5.4 Medium |
| D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php. | ||||
| CVE-2024-33112 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func. | ||||
| CVE-2024-33113 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 5.3 Medium |
| D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php. | ||||
| CVE-2024-33110 | 2 D-link, Dlink | 3 Dir-845l, Dir-845l, Dir-845l Firmware | 2025-05-21 | 9.1 Critical |
| D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. | ||||
| CVE-2025-4925 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-05-21 | 7.3 High |
| A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-33345 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2025-05-21 | 6.5 Medium |
| D-Link DIR-823G A1V1.0.2B05 was found to contain a Null-pointer dereference in the main function of upload_firmware.cgi, which allows remote attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-33344 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2024-33343 | 1 Dlink | 3 Dir-822\+, Dir-822\+ Firmware, Dir-822 Firmware | 2025-05-21 | 8.8 High |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2024-33342 | 2 D-link, Dlink | 3 Dir-822, Dir-822\+, Dir-822\+ Firmware | 2025-05-21 | 7.5 High |
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | ||||
| CVE-2025-4926 | 1 Phpgurukul | 1 Car Rental Portal | 2025-05-21 | 4.7 Medium |
| A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4927 | 1 Phpgurukul | 1 Online Marriage Registration System | 2025-05-21 | 7.3 High |
| A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-49575 | 1 Flexense | 1 Vx Search | 2025-05-21 | 7.1 High |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | ||||
| CVE-2023-49572 | 1 Flexense | 1 Vx Search | 2025-05-21 | 7.1 High |
| A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads. | ||||
| CVE-2024-7253 | 1 Nomachine | 1 Nomachine | 2025-05-21 | 7.8 High |
| NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039. | ||||
| CVE-2024-49987 | 1 Linux | 1 Linux Kernel | 2025-05-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports: net.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior, Section 7.1.4 of the C standard (Use of library functions) mentions: "Each of the following statements applies unless explicitly stated otherwise in the detailed descriptions that follow: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or a pointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined." To avoid this, add an early return when nf_link_info is NULL to prevent calling qsort with a NULL pointer. | ||||
| CVE-2024-46843 | 1 Linux | 1 Linux Kernel | 2025-05-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it. | ||||
| CVE-2024-46803 | 1 Linux | 1 Linux Kernel | 2025-05-21 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL. | ||||