Total
299069 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6369 | 2025-06-20 | 8.8 High | ||
| A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6368 | 2025-06-20 | 8.8 High | ||
| A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6367 | 2025-06-20 | 8.8 High | ||
| A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argument curTime/sched_name_%d/url_%d leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6365 | 2025-06-20 | 5.7 Medium | ||
| A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2025-6364 | 2025-06-20 | 7.3 High | ||
| A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. | ||||
| CVE-2024-25678 | 1 Litespeedtech | 1 Lsquic | 2025-06-20 | 5.9 Medium |
| In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | ||||
| CVE-2024-25445 | 1 Hugin Project | 1 Hugin | 2025-06-20 | 7.8 High |
| Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. | ||||
| CVE-2024-25312 | 1 Code-projects | 1 Simple School Management System | 2025-06-20 | 8.8 High |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5." | ||||
| CVE-2024-25310 | 1 Code-projects | 1 Simple School Management System | 2025-06-20 | 8.8 High |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5." | ||||
| CVE-2024-25307 | 1 Code-projects | 1 Cinema Seat Reservation System | 2025-06-20 | 9.8 Critical |
| Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | ||||
| CVE-2024-25200 | 1 Espruino | 1 Espruino | 2025-06-20 | 7.5 High |
| Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | ||||
| CVE-2024-24321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-20 | 9.8 Critical |
| An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | ||||
| CVE-2024-24215 | 1 Cellinx | 1 Nvt Web Server | 2025-06-20 | 5.3 Medium |
| An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request. | ||||
| CVE-2024-24189 | 1 Jsish | 1 Jsish | 2025-06-20 | 9.8 Critical |
| Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | ||||
| CVE-2024-24015 | 1 Xxyopen | 1 Novel-plus | 2025-06-20 | 9.8 Critical |
| A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit | ||||
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-20 | 9.8 Critical |
| D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | ||||
| CVE-2024-22836 | 1 Akaunting | 1 Akaunting | 2025-06-20 | 9.8 Critical |
| An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | ||||
| CVE-2024-22715 | 1 Codelyfe | 1 Stupid Simple Cms | 2025-06-20 | 8.8 High |
| Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. | ||||
| CVE-2023-47889 | 1 Binhdrm26 | 1 Super Reboot | 2025-06-20 | 7.8 High |
| The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. | ||||
| CVE-2023-46350 | 1 Innovadeluxe | 1 Manufacturer Or Supplier Alphabetical Search | 2025-06-20 | 9.8 Critical |
| SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | ||||