Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37008 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain a buffer overflow in the ASN.1 deserialization function of the S1AP handler. This buffer overflow causes type confusion in decoded fields, leading to invalid parsing and freeing of memory. An attacker may use this to crash an MME or potentially execute code in certain circumstances. | |||||
| CVE-2023-37009 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 6.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Notification` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37010 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 6.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `eNB Status Transfer` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37011 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 6.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send a `Handover Required` message missing a required `MME_UE_S1AP_ID` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37012 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 5.3 MEDIUM |
| Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` message missing a required `PLMN Identity` field to repeatedly crash the MME, resulting in denial of service. | |||||
| CVE-2023-37022 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 7.5 HIGH |
| Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `UE Context Release Request` packet handler. A packet containing an invalid `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | |||||
| CVE-2023-37023 | 1 Open5gs | 1 Open5gs | 2025-04-22 | N/A | 8.6 HIGH |
| Open5GS MME versions <= 2.6.4 contain a reachable assertion in the `Uplink NAS Transport` packet handler. A packet missing its `MME_UE_S1AP_ID` field causes Open5gs to crash; an attacker may repeatedly send such packets to cause denial of service. | |||||
| CVE-2025-29189 | 1 Flowiseai | 1 Flowise | 2025-04-22 | N/A | 7.6 HIGH |
| Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores. | |||||
| CVE-2025-29390 | 1 Jerryhanjj | 1 Erp | 2025-04-22 | N/A | 8.8 HIGH |
| jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the set_password function in application/controllers/home.php. | |||||
| CVE-2025-29391 | 1 Horvey | 1 Library-manager | 2025-04-22 | N/A | 7.2 HIGH |
| horvey Library-Manager v1.0 is vulnerable to SQL Injection in Admin/Controller/BookController.class.php. | |||||
| CVE-2024-40068 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.9 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. | |||||
| CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.4 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. | |||||
| CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.1 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2024-40072 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. | |||||
| CVE-2024-40073 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4. | |||||
| CVE-2024-40074 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 4.8 MEDIUM |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'. | |||||
| CVE-2024-28276 | 1 Rems | 1 School Task Manager | 2025-04-22 | N/A | 6.1 MEDIUM |
| Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=. | |||||
| CVE-2024-34226 | 1 Oretnom23 | 1 Visitor Management System | 2025-04-22 | N/A | 9.4 CRITICAL |
| SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. | |||||
| CVE-2025-22903 | 1 Totolink | 2 N600r, N600r Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig. | |||||