Total
299305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5858 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-06-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5763 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-06-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48012 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | N/A | 4.8 MEDIUM |
| Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||||
| CVE-2025-48011 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | N/A | 4.8 MEDIUM |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||||
| CVE-2023-5553 | 1 Axis | 2 Axis Os, Axis Os 2022 | 2025-06-10 | N/A | 7.6 HIGH |
| During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2023-46471 | 1 Spaceapplications | 1 Yacms | 2025-06-10 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer. | |||||
| CVE-2023-45377 | 1 Chronopost | 1 Chronopost | 2025-06-10 | N/A | 9.8 CRITICAL |
| In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-38823 | 1 Tenda | 8 Ac18, Ac18 Firmware, Ac19 and 5 more | 2025-06-10 | N/A | 9.8 CRITICAL |
| Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. | |||||
| CVE-2022-46337 | 1 Apache | 1 Derby | 2025-06-10 | N/A | 9.8 CRITICAL |
| A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was visible to and executable by the account which booted the Derby server. In LDAP-protected databases which weren't also protected by SQL GRANT/REVOKE authorization, this vulnerability could also let an attacker view and corrupt sensitive data and run sensitive database functions and procedures. Mitigation: Users should upgrade to Java 21 and Derby 10.17.1.0. Alternatively, users who wish to remain on older Java versions should build their own Derby distribution from one of the release families to which the fix was backported: 10.16, 10.15, and 10.14. Those are the releases which correspond, respectively, with Java LTS versions 17, 11, and 8. | |||||
| CVE-2022-39801 | 1 Sap | 1 Access Control | 2025-06-10 | N/A | 7.5 HIGH |
| SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. This attack can be launched only within the firewall. On successful exploitation the attacker can gain access to admin session and completely compromise the application. | |||||
| CVE-2022-39799 | 1 Sap | 1 Netweaver Application Server Abap | 2025-06-10 | N/A | 6.1 MEDIUM |
| An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user. | |||||
| CVE-2022-0934 | 2 Redhat, Thekelleys | 2 Enterprise Linux, Dnsmasq | 2025-06-10 | N/A | 7.5 HIGH |
| A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | |||||
| CVE-2013-6954 | 1 Libpng | 1 Libpng | 2025-06-10 | 5.0 MEDIUM | 6.5 MEDIUM |
| The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. | |||||
| CVE-2025-48010 | 1 One Time Password Project | 1 One Time Password | 2025-06-10 | N/A | 4.8 MEDIUM |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||||
| CVE-2024-3062 | 1 Pdfcrowd | 1 Save As Pdf | 2025-06-10 | N/A | 4.8 MEDIUM |
| The Save as Image Plugin by Pdfcrowd WordPress plugin before 3.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-4004 | 1 Bracketspace | 1 Advanced Cron Manager | 2025-06-10 | N/A | 6.1 MEDIUM |
| The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-5026 | 1 Cminds | 1 Cm Tooltip Glossary | 2025-06-10 | N/A | 4.8 MEDIUM |
| The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-13357 | 1 Metaphorcreations | 1 Ditty | 2025-06-10 | N/A | 4.8 MEDIUM |
| The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13383 | 1 Harmonicdesign | 1 Hd Quiz | 2025-06-10 | N/A | 4.8 MEDIUM |
| The HD Quiz WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||
| CVE-2024-13616 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Pms | 2025-06-10 | N/A | 4.8 MEDIUM |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |||||