Vulnerabilities (CVE)

Total 301389 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-36523 1 Wvp-pro 1 Gb28181 2025-06-13 N/A 6.5 MEDIUM
An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the application after deleting their own or administrator accounts. This is provided that the users do not log out of their deleted accounts.
CVE-2024-39174 1 Yzmcms 1 Yzmcms 2025-06-13 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a published article.
CVE-2024-37674 1 Moodle 1 Moodle 2025-06-13 N/A 5.5 MEDIUM
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2025-46983 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46984 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46985 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46986 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-46987 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-53425 1 Assimp 1 Assimp 2025-06-13 N/A 6.2 MEDIUM
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash.
CVE-2025-46988 1 Adobe 1 Experience Manager 2025-06-13 N/A 5.4 MEDIUM
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-52771 1 Dedebiz 1 Dedebiz 2025-06-13 N/A 9.1 CRITICAL
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view.
CVE-2024-52770 1 Dedebiz 1 Dedebiz 2025-06-13 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-3623 2025-06-13 N/A 9.1 CRITICAL
The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for unauthenticated to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.
CVE-2024-52769 1 Dedebiz 1 Dedebiz 2025-06-13 N/A 7.2 HIGH
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-26846 1 Znuny 1 Znuny 2025-06-13 N/A 9.8 CRITICAL
An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.
CVE-2025-44830 1 Engineercms Project 1 Engineercms 2025-06-13 N/A 9.8 CRITICAL
EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
CVE-2025-45779 1 Tenda 2 Ac10, Ac10 Firmware 2025-06-13 N/A 9.8 CRITICAL
Tenda AC10 V1.0re_V15.03.06.46 is vulnerable to Buffer Overflow in the formSetPPTPUserList handler via the list POST parameter.
CVE-2025-44175 1 Tenda 2 Ac10, Ac10 Firmware 2025-06-13 N/A 5.4 MEDIUM
Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.
CVE-2024-34199 1 Ritlabs 1 Tinyweb 2025-06-13 N/A 8.6 HIGH
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
CVE-2024-34243 1 Pantsel 1 Konga 2025-06-13 N/A 5.4 MEDIUM
Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter.