Export limit exceeded: 338487 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338487 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | 5.4 Medium |
| An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-46892 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | 8.8 High |
| The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | ||||
| CVE-2023-46889 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | 5.7 Medium |
| Meross MSH30Q 4.5.23 is vulnerable to Cleartext Transmission of Sensitive Information. During the device setup phase, the MSH30Q creates an unprotected Wi-Fi access point. In this phase, MSH30Q needs to connect to the Internet through a Wi-Fi router. This is why MSH30Q asks for the Wi-Fi network name (SSID) and the Wi-Fi network password. When the user enters the password, the transmission of the Wi-Fi password and name between the MSH30Q and mobile application is observed in the Wi-Fi network. Although the Wi-Fi password is encrypted, a part of the decryption algorithm is public so we complemented the missing parts to decrypt it. | ||||
| CVE-2023-43898 | 1 Nothings | 1 Stb Image.h | 2025-06-17 | 5.5 Medium |
| Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | ||||
| CVE-2023-41619 | 1 Emlog | 1 Emlog | 2025-06-17 | 6.1 Medium |
| Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. | ||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | 5.3 Medium |
| D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | ||||
| CVE-2023-40830 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-06-17 | 9.8 Critical |
| Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | ||||
| CVE-2023-33760 | 1 Splicecom | 1 Maximiser Soft Pbx | 2025-06-17 | 5.3 Medium |
| SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. | ||||
| CVE-2023-33295 | 1 Cohesity | 1 Cohesity Dataplatform | 2025-06-17 | 6.5 Medium |
| Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation. | ||||
| CVE-2024-33121 | 1 Roothub | 1 Roothub | 2025-06-17 | 6.3 Medium |
| Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function. | ||||
| CVE-2024-46540 | 2 Emlog, Emlog Pro Project | 2 Emlog, Emlog Pro | 2025-06-17 | 6.3 Medium |
| A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells to the target server, thereby obtaining system privileges. | ||||
| CVE-2024-47913 | 1 Mediawiki | 1 Mediawiki | 2025-06-17 | 5.3 Medium |
| An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. | ||||
| CVE-2024-44068 | 1 Samsung | 12 Exynos 850, Exynos 850 Firmware, Exynos 980 and 9 more | 2025-06-17 | 8.1 High |
| An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2024-46292 | 2 Modsecurity, Trustwave | 2 Modsecurity, Modsecurity | 2025-06-17 | 7.5 High |
| A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue). | ||||
| CVE-2024-45184 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-06-17 | 6.2 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service. | ||||
| CVE-2024-48700 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | 7.2 High |
| Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. | ||||
| CVE-2024-48112 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | 9.8 Critical |
| A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | ||||
| CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2025-06-17 | 6.1 Medium |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | ||||
| CVE-2024-22912 | 1 Swftools | 1 Swftools | 2025-06-17 | 7.8 High |
| A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | ||||
| CVE-2024-22567 | 1 Mingsoft | 1 Mcms | 2025-06-17 | 8.8 High |
| File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | ||||