Export limit exceeded: 44247 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44247 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3678 | 1 Pcman | 1 Ftp Server | 2025-05-12 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component HELP Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-43365 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2025-05-12 | 7.5 High |
| IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overflow in the formSetDebugCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string. | ||||
| CVE-2025-4140 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4141 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4142 | 1 Netgear | 2 Ex6120, Ex6200 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4145 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4146 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4147 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4148 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 8.8 High |
| A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-43854 | 1 Langgenius | 1 Dify | 2025-05-12 | 6.1 Medium |
| DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially compromising the security and privacy of users. This issue has been fixed in version 1.3.0. | ||||
| CVE-2025-3989 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 8.8 High |
| A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3990 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this issue is some unknown functionality of the file /boafrm/formVlan. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3991 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 8.8 High |
| A vulnerability, which was classified as critical, was found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boafrm/formWdsEncrypt. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3992 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 8.8 High |
| A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3993 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 8.8 High |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46661 | 1 Ipwsystems | 1 Metazo | 2025-05-12 | 10 Critical |
| IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier. | ||||
| CVE-2025-3982 | 1 Nortikin | 1 Sverchok | 2025-05-12 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2016-1000340 | 2 Bouncycastle, Redhat | 4 Bc-java, Jboss Fuse, Satellite and 1 more | 2025-05-12 | N/A |
| In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | ||||
| CVE-2025-4348 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-05-12 | 8.8 High |
| A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-4347 | 1 Dlink | 2 Dir-600l, Dir-600l Firmware | 2025-05-12 | 8.8 High |
| A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | ||||