Total: 26515 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-46350 | 1 Innovadeluxe | 1 Manufacturer Or Supplier Alphabetical Search | 2025-06-20 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. | |||||
CVE-2024-24325 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. | |||||
CVE-2024-24324 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. | |||||
CVE-2024-22751 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | |||||
CVE-2024-22662 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules. | |||||
CVE-2024-22660 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg. | |||||
CVE-2024-20011 | 2 Google, Mediatek | 18 Android, Mt6985, Mt8127 and 15 more | 2025-06-20 | N/A | 9.8 CRITICAL |
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | |||||
CVE-2023-51951 | 1 Stock Management System Project | 1 Stock Management System | 2025-06-20 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Stock Management System 1.0 allows a remote attacker to execute arbitrary code via the id parameter in the manage_bo.php file. | |||||
CVE-2023-51887 | 1 Ctan | 1 Mathtex | 2025-06-20 | N/A | 9.8 CRITICAL |
Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | |||||
CVE-2023-51839 | 1 Devicefarmer | 1 Smartphone Test Farm | 2025-06-20 | N/A | 9.1 CRITICAL |
DeviceFarmer stf v3.6.6 suffers from Use of a Broken or Risky Cryptographic Algorithm. | |||||
CVE-2021-42144 | 1 Contiki-ng | 1 Contiki-ng Tinydtls | 2025-06-20 | N/A | 9.8 CRITICAL |
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). | |||||
CVE-2021-42143 | 1 Contiki-ng | 1 Tinydtls | 2025-06-20 | N/A | 9.1 CRITICAL |
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. | |||||
CVE-2024-35079 | 1 Inxedu | 1 Inxedu | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
CVE-2024-35080 | 1 Inxedu | 1 Inxedu | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
CVE-2024-35570 | 1 Inxedu | 1 Inxedu | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. | |||||
CVE-2024-31030 | 1 Keith-cullen | 1 Freecoap | 2025-06-20 | N/A | 9.1 CRITICAL |
An issue in coap_msg.c in Keith Cullen's FreeCoAP v.0.7 allows remote attackers to cause a Denial of Service or potentially disclose information via a specially crafted packet. | |||||
CVE-2024-23751 | 1 Llamaindex | 1 Llamaindex | 2025-06-20 | N/A | 9.8 CRITICAL |
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input. | |||||
CVE-2023-51947 | 1 Actidata | 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware | 2025-06-20 | N/A | 9.1 CRITICAL |
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. | |||||
CVE-2023-51925 | 1 Yonyou | 1 Yonbip | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2023-48118 | 1 Quest-analytics | 1 Iqcrm | 2025-06-20 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. |