Total
297966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39702 | 1 Openresty | 1 Openresty | 2025-06-06 | N/A | 5.9 MEDIUM |
| In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected. | |||||
| CVE-2025-25522 | 1 Linksys | 2 Wap610n, Wap610n Firmware | 2025-06-06 | N/A | 7.3 HIGH |
| Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability. | |||||
| CVE-2023-51066 | 1 Qstar | 1 Archive Storage Manager | 2025-06-06 | N/A | 8.8 HIGH |
| An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. | |||||
| CVE-2025-5668 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5639 | 1 Phpgurukul | 1 Notice Board System | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5638 | 1 Phpgurukul | 1 Notice Board System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5619 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5618 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5617 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5616 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5613 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5612 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5670 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5669 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49223 | 1 Naver | 1 Billboard.js | 2025-06-06 | N/A | 9.8 CRITICAL |
| billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2023-7231 | 1 Evanliewer | 1 Illi Link Party\! | 2025-06-06 | N/A | 7.3 HIGH |
| The illi Link Party! WordPress plugin through 1.0 lacks proper access controls, allowing unauthenticated visitors to delete links. | |||||
| CVE-2024-34067 | 1 Pterodactyl | 1 Panel | 2025-06-06 | N/A | 6.1 MEDIUM |
| Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting (XSS) on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted: Egg Docker images and Egg variables: Name, Environment variable, Default value, Description, Validation rules. Additionally, certain fields would reflect malicious input, but it would require the user knowingly entering such input to have an impact. To iterate, this would require an administrator to perform actions and can't be triggered by a normal panel user. This issue has has been addressed in version 1.11.6 and users are advised to upgrade. No workaround is available other than updating to the latest version of the panel. | |||||
| CVE-2024-6236 | 1 Citrix | 3 Netscaler Agent, Netscaler Console, Netscaler Sdx | 2025-06-06 | N/A | 7.5 HIGH |
| Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX | |||||
| CVE-2024-20382 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-06-06 | N/A | 6.1 MEDIUM |
| A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a browser that is accessing an affected device. This vulnerability is due to improper validation of user-supplied input to application endpoints. An attacker could exploit this vulnerability by persuading a user to follow a link designed to submit malicious input to the affected application. A successful exploit could allow the attacker to execute arbitrary HTML or script code in the browser in the context of the web services page. | |||||
| CVE-2025-23103 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2025-06-06 | N/A | 8.6 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes. | |||||