Total
295875 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28074 | 2025-06-07 | N/A | 6.1 MEDIUM | ||
| phpList before 3.6.15 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript. | |||||
| CVE-2025-31027 | 1 Jocoxdesign | 1 Tiger | 2025-06-06 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0. | |||||
| CVE-2025-48146 | 1 Lupsonline | 1 Seo Flow | 2025-06-06 | N/A | 7.1 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0. | |||||
| CVE-2025-39509 | 1 Themencode | 1 Tnc Flipbook | 2025-06-06 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue affects TNC FlipBook: from n/a through 12.1.0. | |||||
| CVE-2025-39507 | 1 Nasatheme | 1 Nasa Core | 2025-06-06 | N/A | 7.5 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2. | |||||
| CVE-2025-39493 | 1 Valvepress | 1 Rankie | 2025-06-06 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0. | |||||
| CVE-2025-39482 | 1 Imithemes | 1 Eventer | 2025-06-06 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6. | |||||
| CVE-2025-47544 | 1 Acowebs | 1 Dynamic Pricing With Discount Rules For Woocommerce | 2025-06-06 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8. | |||||
| CVE-2024-24262 | 1 Ireader | 1 Media-server | 2025-06-06 | N/A | 7.5 HIGH |
| media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | |||||
| CVE-2024-22900 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-06-06 | N/A | 8.8 HIGH |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. | |||||
| CVE-2023-51073 | 1 Buffalo | 2 Ls210d, Ls210d Firmware | 2025-06-06 | N/A | 8.1 HIGH |
| An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | |||||
| CVE-2024-37826 | 1 Vercot | 1 Serva | 2025-06-06 | N/A | 7.5 HIGH |
| A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2024-39702 | 1 Openresty | 1 Openresty | 2025-06-06 | N/A | 5.9 MEDIUM |
| In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected. | |||||
| CVE-2025-25522 | 1 Linksys | 2 Wap610n, Wap610n Firmware | 2025-06-06 | N/A | 7.3 HIGH |
| Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability. | |||||
| CVE-2023-51066 | 1 Qstar | 1 Archive Storage Manager | 2025-06-06 | N/A | 8.8 HIGH |
| An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. | |||||
| CVE-2025-5668 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5639 | 1 Phpgurukul | 1 Notice Board System | 2025-06-06 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5638 | 1 Phpgurukul | 1 Notice Board System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-5619 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-06-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5618 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-06-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||