CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-12240 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-21758 A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provi... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-54021 An Improper Neutralization of CRLF Sequences in HTTP Headers ('http response splitting') vulnerability [CWE-113] in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a rem... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0320 Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | 7.8 | HIGH | — | 0 |
| CVE-2024-34166 An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrar... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-34544 A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An a... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-36258 A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-36272 A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An atta... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-36290 A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An at... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-36295 A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attac... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-36493 A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary comma... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37184 A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An a... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37186 An OS command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37357 A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attac... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-38666 An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary com... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39273 A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can pe... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-39280 An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command executio... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39288 A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflo... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39294 A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An att... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39299 A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. A... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39357 A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command exec... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39358 A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attack... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39359 A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command ex... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39360 An OS command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An a... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39367 An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39370 An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. ... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39602 An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. A... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39603 A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary ... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-39604 A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An at... | 9.0 | CRITICAL | — | 0 |
| CVE-2024-39608 A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-39754 A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets t... | 10.0 | CRITICAL | — | 0 |
| CVE-2024-39756 A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An a... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-26529 Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk. | 8.3 | HIGH | — | 0 |
| CVE-2025-26530 The question bank filter required additional sanitizing to prevent a reflected XSS risk. | 8.3 | HIGH | — | 0 |
| CVE-2025-26531 Insufficient capability checks made it possible to disable badges a user does not have permission to access. | 3.1 | LOW | — | 0 |
| CVE-2025-26532 Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored. | 3.1 | LOW | — | 0 |
| CVE-2025-26533 An SQL injection risk was identified in the module list filter within course search. | 8.1 | HIGH | — | 0 |
| CVE-2024-27245 Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | 4.3 | MEDIUM | — | 0 |
| CVE-2024-27246 Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-0889 Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where ... | 7.8 | HIGH | — | 0 |
| CVE-2025-0719 IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-20116 A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have va... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-20117 A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit th... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-22853 Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | 2.3 | LOW | — | 0 |
| CVE-2025-20118 A vulnerability in the implementation of the internal system processes of Cisco APIC could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-20119 A vulnerability in the system file permission handling of Cisco APIC could allow an authenticated, local attacker to overwrite critical system files, which could cause a DoS condition. To exploit this... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-1506 The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.0. This is due to missing or incorrect nonce ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-0159 IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-0160 IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.... | 8.1 | HIGH | — | 0 |
| CVE-2025-1459 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.