Total
306554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54844 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54843 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54842 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54841 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54840 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54839 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54657 | 2025-08-01 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-29360 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29359 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29358 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-29357 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | N/A | 7.5 HIGH |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-48206 | 1 Nitsantech | 1 Ns-backup | 2025-08-01 | N/A | 6.1 MEDIUM |
| The ns_backup extension through 13.0.0 for TYPO3 allows XSS. | |||||
| CVE-2023-31746 | 1 Adslr | 2 Vw2100, Vw2100 Firmware | 2025-08-01 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user. | |||||
| CVE-2023-37847 | 1 Xxyopen | 1 Novel-plus | 2025-08-01 | N/A | 9.8 CRITICAL |
| novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. | |||||
| CVE-2024-1251 | 1 Tongda2000 | 1 Office Anywhere | 2025-08-01 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-7021 | 1 Tongda2000 | 1 Office Anywhere | 2025-08-01 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been classified as critical. Affected is an unknown function of the file general/vehicle/checkup/delete_search.php. The manipulation of the argument VU_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248568. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10114 | 1 Wpwebelite | 1 Woocommerce Social Login | 2025-08-01 | N/A | 8.1 HIGH |
| The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | |||||
| CVE-2025-27221 | 1 Ruby-lang | 1 Uri | 2025-08-01 | N/A | 3.2 LOW |
| In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | |||||
| CVE-2024-13316 | 1 Akashmalik | 1 Scratch \& Win | 2025-08-01 | N/A | 5.3 MEDIUM |
| The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswn_create_discount() function in all versions up to, and including, 2.8.0. This makes it possible for unauthenticated attackers to create coupons. | |||||
| CVE-2023-5520 | 1 Gpac | 1 Gpac | 2025-08-01 | N/A | 7.7 HIGH |
| Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | |||||