Total
305920 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48233 | 1 Mipjz Project | 1 Mipjz | 2025-07-07 | N/A | 4.8 MEDIUM |
| mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. | |||||
| CVE-2025-24987 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-07 | N/A | 6.6 MEDIUM |
| Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | |||||
| CVE-2024-48270 | 1 Misstt123 | 1 Oasys | 2025-07-07 | N/A | 7.5 HIGH |
| An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. | |||||
| CVE-2024-4839 | 1 Lollms | 1 Lollms-webui | 2025-07-07 | N/A | 3.3 LOW |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent. | |||||
| CVE-2025-24084 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-07 | N/A | 8.4 HIGH |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-24076 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-07 | N/A | 7.3 HIGH |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-4841 | 1 Parisneo | 1 Lollms-webui | 2025-07-07 | N/A | 3.3 LOW |
| A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint. | |||||
| CVE-2021-3186 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-07 | 4.3 MEDIUM | 5.4 MEDIUM |
| A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. | |||||
| CVE-2020-28095 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 7.8 HIGH | 7.5 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | |||||
| CVE-2025-21199 | 1 Microsoft | 1 Azure Agent | 2025-07-07 | N/A | 6.7 MEDIUM |
| Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-6378 | 1 Corporatezen | 1 Responsive Food And Drink Menu | 2025-07-07 | N/A | 6.4 MEDIUM |
| The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_pdf_menus shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2019-16869 | 4 Canonical, Debian, Netty and 1 more | 5 Ubuntu Linux, Debian Linux, Netty and 2 more | 2025-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | |||||
| CVE-2024-48597 | 1 Angeljudesuarez | 1 Online Clinic Management System | 2025-07-07 | N/A | 8.1 HIGH |
| Online Clinic Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /success/editp.php?action=edit. | |||||
| CVE-2024-50986 | 1 Clementine-player | 1 Clementine | 2025-07-07 | N/A | 7.3 HIGH |
| An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file. | |||||
| CVE-2024-51091 | 1 Seajs | 1 Seajs | 2025-07-07 | N/A | 5.4 MEDIUM |
| Cross Site Scripting vulnerability in seajs v.2.2.3 allows a remote attacker to execute arbitrary code via the seajs package | |||||
| CVE-2024-5125 | 1 Lollms | 1 Lollms-webui | 2025-07-07 | N/A | 7.3 HIGH |
| parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upon rendering, leading to potential credential theft and unauthorized data access. The Open Redirect vulnerability arises from insufficient URL validation within SVG files, enabling attackers to redirect users to malicious websites, thereby exposing them to phishing attacks, malware distribution, and reputation damage. These vulnerabilities are present in the application's functionality to send files to the AI module. | |||||
| CVE-2024-51459 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-07 | N/A | 8.4 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | |||||
| CVE-2024-46450 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | N/A | 8.1 HIGH |
| Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2024-40503 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-07-07 | N/A | 6.5 MEDIUM |
| An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. | |||||
| CVE-2024-51477 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-07 | N/A | 4.3 MEDIUM |
| IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy. | |||||