Total
298014 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5659 | 1 Phpgurukul | 1 Complaint Management System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5652 | 1 Phpgurukul | 1 Complaint Management System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-22533 | 1 Xiandafu | 1 Beetl | 2025-06-06 | N/A | 9.8 CRITICAL |
| Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | |||||
| CVE-2023-51955 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2025-06-06 | N/A | 9.8 CRITICAL |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | |||||
| CVE-2023-48909 | 1 Aarboard | 1 Jave2 | 2025-06-06 | N/A | 8.8 HIGH |
| An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function. | |||||
| CVE-2022-41545 | 1 Netgear | 2 C7800, C7800 Firmware | 2025-06-06 | N/A | 6.4 MEDIUM |
| The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack. | |||||
| CVE-2024-57050 | 1 Tp-link | 2 Wr840n, Wr840n Firmware | 2025-06-06 | N/A | 9.8 CRITICAL |
| A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication. | |||||
| CVE-2024-57049 | 1 Tp-link | 2 Archer C20, Archer C20 Firmware | 2025-06-06 | N/A | 9.8 CRITICAL |
| A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication. | |||||
| CVE-2025-26773 | 1 Analytify | 1 Analytify - Google Analytics Dashboard | 2025-06-06 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0. | |||||
| CVE-2025-26158 | 1 Kashipara | 1 Online Attendance Management System | 2025-06-06 | N/A | 5.6 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Attendance Management System V1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the department parameter. | |||||
| CVE-2025-26157 | 1 Darkseid | 1 Beauty Parlour Management System | 2025-06-06 | N/A | 5.9 MEDIUM |
| A SQL Injection vulnerability was found in /bpms/index.php in Source Code and Project Beauty Parlour Management System V1.1, which allows remote attackers to execute arbitrary code via the name POST request parameter. | |||||
| CVE-2024-57604 | 1 Mayswind | 1 Ezbookkeeping | 2025-06-06 | N/A | 9.8 CRITICAL |
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component. | |||||
| CVE-2024-57603 | 1 Mayswind | 1 Ezbookkeeping | 2025-06-06 | N/A | 6.3 MEDIUM |
| An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting. | |||||
| CVE-2025-5516 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-06 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5502 | 1 Totolink | 2 X15, X15 Firmware | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5525 | 1 Jrohy | 1 Trojan | 2025-06-06 | 5.1 MEDIUM | 5.6 MEDIUM |
| A vulnerability was found in Jrohy trojan up to 2.15.3. It has been declared as critical. This vulnerability affects the function LogChan of the file trojan/util/linux.go. The manipulation of the argument c leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-46852 | 1 Dotcamp | 1 Wp Table Builder | 2025-06-06 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions. | |||||
| CVE-2024-38894 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | 5.3 MEDIUM |
| WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. | |||||
| CVE-2024-38892 | 1 Wavlink | 2 Wn551k1, Wn551k1 Firmware | 2025-06-06 | N/A | 6.5 MEDIUM |
| An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. | |||||
| CVE-2024-33373 | 1 Lb-link | 2 Bl-w1210m, Bl-w1210m Firmware | 2025-06-06 | N/A | 6.3 MEDIUM |
| An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force attack. | |||||