Total
26506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6216 | 2025-06-21 | N/A | 9.8 CRITICAL | ||
| Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104. | |||||
| CVE-2024-25678 | 1 Litespeedtech | 1 Lsquic | 2025-06-20 | N/A | 9.8 CRITICAL |
| In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | |||||
| CVE-2024-25307 | 1 Code-projects | 1 Cinema Seat Reservation System | 2025-06-20 | N/A | 9.8 CRITICAL |
| Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1." | |||||
| CVE-2024-24321 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | |||||
| CVE-2024-24189 | 1 Jsish | 1 Jsish | 2025-06-20 | N/A | 9.8 CRITICAL |
| Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | |||||
| CVE-2024-24015 | 1 Xxyopen | 1 Novel-plus | 2025-06-20 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit | |||||
| CVE-2024-22853 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session. | |||||
| CVE-2024-22836 | 1 Akaunting | 1 Akaunting | 2025-06-20 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server. | |||||
| CVE-2023-46350 | 1 Innovadeluxe | 1 Manufacturer Or Supplier Alphabetical Search | 2025-06-20 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | |||||
| CVE-2024-24325 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | |||||
| CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | |||||
| CVE-2024-22751 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | |||||
| CVE-2024-22662 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | |||||
| CVE-2024-22660 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | |||||
| CVE-2024-20011 | 2 Google, Mediatek | 18 Android, Mt6985, Mt8127 and 15 more | 2025-06-20 | N/A | 9.8 CRITICAL |
| In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | |||||
| CVE-2023-51951 | 1 Stock Management System Project | 1 Stock Management System | 2025-06-20 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | |||||
| CVE-2023-51887 | 1 Ctan | 1 Mathtex | 2025-06-20 | N/A | 9.8 CRITICAL |
| Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | |||||
| CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2025-06-20 | N/A | 9.1 CRITICAL |
| DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
| CVE-2021-42144 | 1 Contiki-ng | 1 Contiki-ng Tinydtls | 2025-06-20 | N/A | 9.8 CRITICAL |
| Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). | |||||
| CVE-2021-42143 | 1 Contiki-ng | 1 Tinydtls | 2025-06-20 | N/A | 9.1 CRITICAL |
| An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. | |||||