Total
296972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11000 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10999 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-1103 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input <img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability. | |||||
| CVE-2025-21479 | 1 Qualcomm | 144 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 141 more | 2025-06-04 | N/A | 8.6 HIGH |
| Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | |||||
| CVE-2025-5581 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5582 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5583 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5580 | 1 Codeastro | 1 Real Estate Management System | 2025-06-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-33526 | 1 Ilias | 1 Ilias | 2025-06-04 | N/A | 7.1 HIGH |
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33527 | 1 Ilias | 1 Ilias | 2025-06-04 | N/A | 5.4 MEDIUM |
| A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33528 | 1 Ilias | 1 Ilias | 2025-06-04 | N/A | 4.7 MEDIUM |
| A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload. | |||||
| CVE-2024-33529 | 1 Ilias | 1 Ilias | 2025-06-04 | N/A | 7.2 HIGH |
| ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types. | |||||
| CVE-2024-48905 | 1 Sematell | 1 Replyone | 2025-06-04 | N/A | 9.1 CRITICAL |
| Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint. | |||||
| CVE-2024-48906 | 1 Sematell | 1 Replyone | 2025-06-04 | N/A | 6.1 MEDIUM |
| Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name. | |||||
| CVE-2024-48907 | 1 Sematell | 1 Replyone | 2025-06-04 | N/A | 7.5 HIGH |
| Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API. | |||||
| CVE-2023-35712 | 1 Ashlar | 1 Cobalt | 2025-06-04 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20200. | |||||
| CVE-2023-35710 | 1 Ashlar | 1 Cobalt | 2025-06-04 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19956. | |||||
| CVE-2025-45800 | 1 Totolink | 2 A950rg, A950rg Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter. | |||||
| CVE-2025-44900 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-04 | N/A | 6.5 MEDIUM |
| In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow. | |||||
| CVE-2025-44899 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-06-04 | N/A | 9.8 CRITICAL |
| There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11 In the fromSetWifiGusetBasic function of the web url /goform/ WifiGuestSet, the manipulation of the parameter shareSpeed leads to stack overflow. | |||||