Vulnerabilities (CVE)

Total 79787 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5595 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-20163 2025-06-05 N/A 8.7 HIGH
A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials.
CVE-2025-5609 2025-06-05 9.0 HIGH 8.8 HIGH
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3054 2025-06-05 N/A 8.8 HIGH
The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.
CVE-2025-5608 2025-06-05 9.0 HIGH 8.8 HIGH
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5636 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5637 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5665 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5664 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5671 2025-06-05 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5672 2025-06-05 9.0 HIGH 8.8 HIGH
A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-46341 2025-06-05 N/A 7.1 HIGH
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
CVE-2024-2014 1 Panabit 1 Panalog 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-1840 1 Esafenet 1 Cdg 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4937 1 Oretnom23 1 Apartment Visitor Management System 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-4936 1 Projectworlds 1 Online Food Ordering System 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-24399 1 Lepton-cms 1 Leptoncms 2025-06-05 N/A 7.2 HIGH
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVE-2024-24311 1 Lineagrafica 1 Multilingual And Multistore Sitemap Pro 2025-06-05 N/A 7.5 HIGH
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.
CVE-2024-24266 1 Gpac 1 Gpac 2025-06-05 N/A 7.5 HIGH
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
CVE-2024-24258 1 Artifex 1 Mupdf 2025-06-05 N/A 7.5 HIGH
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.