Total
306263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25905 | 1 4pace | 1 Cadclick | 2025-07-07 | N/A | 7.1 HIGH |
| Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter. | |||||
| CVE-2025-6658 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 3.3 LOW |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26733. | |||||
| CVE-2025-6659 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 7.8 HIGH |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26734. | |||||
| CVE-2024-40090 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 4.3 MEDIUM |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. | |||||
| CVE-2024-40089 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.1 CRITICAL |
| A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. | |||||
| CVE-2024-40088 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 5.3 MEDIUM |
| A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | |||||
| CVE-2024-40087 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.6 CRITICAL |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | |||||
| CVE-2024-40084 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.6 CRITICAL |
| A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | |||||
| CVE-2025-6660 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 7.8 HIGH |
| PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763. | |||||
| CVE-2025-24988 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-07 | N/A | 6.6 MEDIUM |
| Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | |||||
| CVE-2024-48232 | 1 Mipjz Project | 1 Mipjz | 2025-07-07 | N/A | 4.9 MEDIUM |
| An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files. | |||||
| CVE-2024-48233 | 1 Mipjz Project | 1 Mipjz | 2025-07-07 | N/A | 4.8 MEDIUM |
| mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. | |||||
| CVE-2025-24987 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-07 | N/A | 6.6 MEDIUM |
| Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | |||||
| CVE-2024-48270 | 1 Misstt123 | 1 Oasys | 2025-07-07 | N/A | 7.5 HIGH |
| An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. | |||||
| CVE-2024-4839 | 1 Lollms | 1 Lollms-webui | 2025-07-07 | N/A | 3.3 LOW |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent. | |||||
| CVE-2025-24084 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-07 | N/A | 8.4 HIGH |
| Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-24076 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-07 | N/A | 7.3 HIGH |
| Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-4841 | 1 Parisneo | 1 Lollms-webui | 2025-07-07 | N/A | 3.3 LOW |
| A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint. | |||||
| CVE-2021-3186 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-07-07 | 4.3 MEDIUM | 5.4 MEDIUM |
| A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter. | |||||
| CVE-2020-28095 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-07-07 | 7.8 HIGH | 7.5 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | |||||