Search Results (334525 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56706 | 1 Edimax | 2 Br-6473ax, Br-6473ax Firmware | 2025-09-19 | 8 High |
| Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function. | ||||
| CVE-2025-10687 | 2 Jkev, Sourcecodester | 2 Responsive E-learning System, Responsive E-learning System | 2025-09-19 | 7.3 High |
| A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/add_teacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-10673 | 1 Itsourcecode | 1 Student Information Management System | 2025-09-19 | 7.3 High |
| A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10624 | 1 Phpgurukul | 1 User Management System | 2025-09-19 | 7.3 High |
| A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-10442 | 1 Tenda | 4 Ac15, Ac15 Firmware, Ac9 and 1 more | 2025-09-19 | 6.3 Medium |
| A vulnerability was determined in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2023-21468 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-19 | 5.9 Medium |
| Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission. | ||||
| CVE-2023-21469 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-19 | 4 Medium |
| Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. | ||||
| CVE-2023-21470 | 1 Samsung | 2 Android, Mobile Devices | 2025-09-19 | 4 Medium |
| Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. | ||||
| CVE-2023-21474 | 2 Google, Samsung | 4 Android, Android, Mobile and 1 more | 2025-09-19 | 6.3 Medium |
| Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege. | ||||
| CVE-2023-21478 | 1 Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-19 | 6 Medium |
| Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. | ||||
| CVE-2023-21480 | 1 Samsung | 4 Android, Mobile, Samsung and 1 more | 2025-09-19 | 8.5 High |
| Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2025-10662 | 1 Seacms | 1 Seacms | 2025-09-19 | 4.7 Medium |
| A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This affects another injection point than CVE-2025-25513. | ||||
| CVE-2025-10664 | 1 Phpgurukul | 1 Small Crm | 2025-09-19 | 7.3 High |
| A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-26026 | 1 F5 | 1 Big-ip Next Central Manager | 2025-09-19 | 7.5 High |
| An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-21793 | 1 F5 | 1 Big-ip Next Central Manager | 2025-09-19 | 7.5 High |
| An OData injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-40542 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2025-09-19 | 7.5 High |
| When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2014-0773 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “CreateProcess.” This method contains validation to ensure an attacker cannot run arbitrary command lines. After validation, the values supplied in the HTML are passed to the Windows CreateProcessA API. The validation can be bypassed allowing for running arbitrary command lines. The command line can specify running remote files (example: UNC command line). A function exists at offset 100019B0 of bwocxrun.ocx. Inside this function, there are 3 calls to strstr to check the contents of the user specified command line. If “\setup.exe,” “\bwvbprt.exe,” or “\bwvbprtl.exe” are contained in the command line (strstr returns nonzero value), the command line passes validation and is then passed to CreateProcessA. | ||||
| CVE-2014-0772 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named OpenUrlToBufferTimeout. This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows file:// URLs that access the local disk. The method can be used to open a URL (including file URLs) and read the URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. | ||||
| CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk. The method can be used to open a URL (including file URLs) and read file URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. | ||||
| CVE-2014-0770 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | ||||