Total
291487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22900 | 1 Totolink | 2 N600r, N600r Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| Totolink N600R v4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function. | |||||
| CVE-2025-3665 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3664 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-34230 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | |||||
| CVE-2025-3674 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-04-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-34231 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 7.1 HIGH |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | |||||
| CVE-2025-32375 | 1 Bentoml | 1 Bentoml | 2025-04-22 | N/A | 9.8 CRITICAL |
| BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8. | |||||
| CVE-2024-33304 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 6.1 MEDIUM |
| SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users. | |||||
| CVE-2025-3115 | 1 Tibco | 6 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Deployment Kit and 3 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | |||||
| CVE-2024-33306 | 1 Sourcecodester | 1 Laboratory Management System | 2025-04-22 | N/A | 7.4 HIGH |
| SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | |||||
| CVE-2025-25457 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2. | |||||
| CVE-2025-25453 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serviceName2. | |||||
| CVE-2025-25458 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 4.6 MEDIUM |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via serverName2. | |||||
| CVE-2025-25456 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via mac2. | |||||
| CVE-2025-25454 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. | |||||
| CVE-2025-25455 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-04-22 | N/A | 7.5 HIGH |
| Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. | |||||
| CVE-2025-3786 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-22 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC15 up to 15.03.05.19 and classified as critical. This issue affects the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument mac leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-29462 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack. | |||||
| CVE-2025-29453 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the my-contacts-settings component. | |||||
| CVE-2025-29454 | 1 Personal-management-system | 1 Personal Management System | 2025-04-22 | N/A | 6.5 MEDIUM |
| An issue in personal-management-system Personal Management System 1.4.65 allows a remote attacker to obtain sensitive information via the Upload function. | |||||