Total
306294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-1522 | 1 Lollms | 1 Lollms Web Ui | 2025-08-15 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. | |||||
| CVE-2024-1646 | 1 Lollms | 1 Lollms-webui | 2025-08-15 | N/A | 8.2 HIGH |
| parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration. | |||||
| CVE-2024-21459 | 1 Qualcomm | 350 Ar8035, Ar8035 Firmware, Ar9380 and 347 more | 2025-08-15 | N/A | 6.5 MEDIUM |
| Information disclosure while handling beacon or probe response frame in STA. | |||||
| CVE-2024-21803 | 1 Linux | 1 Linux Kernel | 2025-08-15 | N/A | 3.5 LOW |
| Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. | |||||
| CVE-2024-34949 | 1 Likeshop | 1 Likeshop | 2025-08-15 | N/A | 8.2 HIGH |
| SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint. | |||||
| CVE-2021-30187 | 2 Codesys, Wago | 55 Runtime Toolkit, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 4.6 MEDIUM | 5.3 MEDIUM |
| CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | |||||
| CVE-2021-30188 | 2 Codesys, Wago | 55 V2 Runtime System Sp, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow. | |||||
| CVE-2021-30189 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow. | |||||
| CVE-2021-30190 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control. | |||||
| CVE-2021-30191 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Checking the Size of the Input. | |||||
| CVE-2021-30192 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. | |||||
| CVE-2021-30193 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write. | |||||
| CVE-2021-30194 | 2 Codesys, Wago | 55 V2 Web Server, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read. | |||||
| CVE-2021-30195 | 2 Codesys, Wago | 56 Plcwinnt, Runtime Toolkit, 750-8202 and 53 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validation. | |||||
| CVE-2021-34583 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | |||||
| CVE-2021-34584 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Crafted web server requests can be utilised to read partial stack or heap memory or may trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. | |||||
| CVE-2021-34585 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests can trigger a parser error. Since the parser result is not checked under all conditions, a pointer dereference with an invalid address can occur. This leads to a denial of service situation. | |||||
| CVE-2021-34586 | 2 Codesys, Wago | 55 Codesys, 750-8202, 750-8202 Firmware and 52 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. | |||||
| CVE-2021-34593 | 2 Codesys, Wago | 28 Plcwinnt, Runtime Toolkit, 750-8202 and 25 more | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing the PLC. | |||||
| CVE-2021-34595 | 2 Codesys, Wago | 57 Codesys, Plcwinnt, Runtime Toolkit and 54 more | 2025-08-15 | 5.5 MEDIUM | 8.1 HIGH |
| A crafted request with invalid offsets may cause an out-of-bounds read or write access in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56, resulting in a denial-of-service condition or local memory overwrite. | |||||