Total
302449 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-55651 | 1 Portabilis | 1 I-educar | 2025-06-17 | N/A | 5.4 MEDIUM |
i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user-supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attack vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist. | |||||
CVE-2025-32873 | 1 Djangoproject | 1 Django | 2025-06-17 | N/A | 5.3 MEDIUM |
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags(). | |||||
CVE-2025-28389 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 9.8 CRITICAL |
Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. | |||||
CVE-2025-45818 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | N/A | 6.5 MEDIUM |
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php. | |||||
CVE-2025-45819 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | N/A | 6.5 MEDIUM |
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php. | |||||
CVE-2025-45820 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | N/A | 6.5 MEDIUM |
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php. | |||||
CVE-2025-28388 | 1 Openc3 | 1 Cosmos | 2025-06-17 | N/A | 9.8 CRITICAL |
OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account. | |||||
CVE-2025-32390 | 1 Espocrm | 1 Espocrm | 2025-06-17 | N/A | 8.5 HIGH |
EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login page. Authenticated users with the read knowledge article privilege can browse to the KB article and if they submit their credentials, they get captured in plain text. The vulnerability is enabled by overly permissive HTML editing on the KB articles. Any authenticated user with the privilege to read KB articles is impacted. In an enterprise with multiple applications, the malicious KB article could be edited to match the login pages of other applications, which would make it useful for credential harvesting against other applications as well. Version 9.0.8 contains a patch for the issue. | |||||
CVE-2025-45864 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 5.4 MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolStart parameter in the formDhcpv6s interface. | |||||
CVE-2025-45866 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 5.4 MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the addrPoolEnd parameter in the formDhcpv6s interface. | |||||
CVE-2025-45867 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 5.4 MEDIUM |
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the static_dns1 parameter in the formIpv6Setup interface. | |||||
CVE-2024-46506 | 1 Netalertx | 1 Netalertx | 2025-06-17 | N/A | 10.0 CRITICAL |
NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. | |||||
CVE-2025-6111 | 1 Tenda | 2 Fh1205, Fh1205 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-6110 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-6113 | 1 Tenda | 2 Fh1203, Fh1203 Firmware | 2025-06-17 | 9.0 HIGH | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-47868 | 1 Apache | 1 Nuttx | 2025-06-17 | N/A | 9.8 CRITICAL |
Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in the tools/bdf-converter font conversion utility that is part of the Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to externally provided user data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue. | |||||
CVE-2025-6119 | 1 Assimp | 1 Assimp | 2025-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | |||||
CVE-2025-47869 | 1 Apache | 1 Nuttx | 2025-06-17 | N/A | 9.8 CRITICAL |
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application, the device stats structure that stored remotely provided parameters had a hardcoded buffer size, which could lead to a buffer overflow. The structure members' buffers were updated to a valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or based their code on the example application as presented in releases from 6.22 before 12.9.0. Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0. | |||||
CVE-2025-6120 | 1 Assimp | 1 Assimp | 2025-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | |||||
CVE-2025-6121 | 1 Dlink | 2 Dir-632, Dir-632 Firmware | 2025-06-17 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in D-Link DIR-632 FW103B08. Affected by this issue is the function get_pure_content of the component HTTP POST Request Handler. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |