Total
305836 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26206 | 1 Selldone | 1 Storefront | 2025-07-07 | N/A | 9.0 CRITICAL |
| Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component | |||||
| CVE-2025-26849 | 1 Docusnap | 1 Docusnap | 2025-07-07 | N/A | 4.3 MEDIUM |
| There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules. | |||||
| CVE-2025-26320 | 1 T0mer | 1 Broadlinkmanager | 2025-07-07 | N/A | 6.5 MEDIUM |
| t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. | |||||
| CVE-2024-56467 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2025-32715 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2025-07-07 | N/A | 6.5 MEDIUM |
| Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2024-56493 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2025-27487 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2025-07-07 | N/A | 8.0 HIGH |
| Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-0900 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 3.3 LOW |
| PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25368. | |||||
| CVE-2024-56494 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2024-56495 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2024-56496 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2022-40847 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 7.8 HIGH |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter. | |||||
| CVE-2022-40845 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 6.5 MEDIUM |
| The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure vulnerability. When combined with the improper authorization/improper session management vulnerability, an attacker with access to the router may be able to expose sensitive information which they're not explicitly authorized to have. | |||||
| CVE-2022-40843 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 4.9 MEDIUM |
| The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the routers syslog.log file which contains the MD5 password of the Administrator's user account. | |||||
| CVE-2022-42053 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 7.8 HIGH |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | |||||
| CVE-2022-40846 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 4.8 MEDIUM |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | |||||
| CVE-2025-25763 | 1 Crmeb | 1 Crmeb | 2025-07-07 | N/A | 9.8 CRITICAL |
| crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php | |||||
| CVE-2022-40844 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | N/A | 5.4 MEDIUM |
| In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | |||||
| CVE-2024-12607 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | N/A | 6.5 MEDIUM |
| The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-12609 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | N/A | 6.5 MEDIUM |
| The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the mj_smgt_view_student_attendance() function. This makes it possible for authenticated attackers, with Student-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||