CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-45566 Memory corruption during concurrent buffer access due to modification of the reference count. | 7.8 | HIGH | — | 0 |
| CVE-2024-45567 Memory corruption while encoding JPEG format. | 7.8 | HIGH | — | 0 |
| CVE-2024-45568 Memory corruption due to improper bounds check while command handling in camera-kernel driver. | 6.7 | MEDIUM | — | 0 |
| CVE-2024-45570 Memory corruption may occur during IO configuration processing when the IO port count is invalid. | 6.6 | MEDIUM | — | 0 |
| CVE-2024-49847 Transient DOS while processing of a registration acceptance OTA due to incorrect ciphering key data IE. | 7.5 | HIGH | — | 0 |
| CVE-2024-45574 Memory corruption during array access in Camera kernel due to invalid index from invalid command data. | 7.8 | HIGH | — | 0 |
| CVE-2024-45575 Memory corruption Camera kernel when large number of devices are attached through userspace. | 7.8 | HIGH | — | 0 |
| CVE-2024-45576 Memory corruption while prociesing command buffer buffer in OPE module. | 7.8 | HIGH | — | 0 |
| CVE-2024-45577 Memory corruption while invoking IOCTL calls from userspace to camera kernel driver to dump request information. | 7.8 | HIGH | — | 0 |
| CVE-2024-45578 Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. | 7.8 | HIGH | — | 0 |
| CVE-2025-21460 Memory corruption while processing a message, when the buffer is controlled by a Guest VM, the value can be changed continuously. | 7.8 | HIGH | — | 0 |
| CVE-2024-45579 Memory corruption may occur when invoking IOCTL calls from userspace to the camera kernel driver to dump request information, due to a missing memory requirement check. | 7.8 | HIGH | — | 0 |
| CVE-2024-45581 Memory corruption while sound model registration for voice activation with audio kernel driver. | 6.6 | MEDIUM | — | 0 |
| CVE-2024-45583 Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. | 6.6 | MEDIUM | — | 0 |
| CVE-2024-49829 Memory corruption can occur during context user dumps due to inadequate checks on buffer length. | 6.7 | MEDIUM | — | 0 |
| CVE-2024-49830 Memory corruption while processing an IOCTL call to set mixer controls. | 6.6 | MEDIUM | — | 0 |
| CVE-2024-49835 Memory corruption while reading secure file. | 7.8 | HIGH | — | 0 |
| CVE-2024-49845 Memory corruption during the FRS UDS generation process. | 7.8 | HIGH | — | 0 |
| CVE-2025-4341 A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-4342 A vulnerability, which was classified as critical, has been found in D-Link DIR-600L up to 2.07B01. Affected by this issue is the function formEasySetupWizard3. The manipulation of the argument host l... | 8.8 | HIGH | — | 0 |
| CVE-2025-4343 A vulnerability has been found in D-Link DIR-600L up to 2.07B01 and classified as critical. This vulnerability affects the function formEasySetupWizard. The manipulation of the argument host leads to ... | 8.8 | HIGH | — | 0 |
| CVE-2025-2011 The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the... | 7.5 | HIGH | — | 0 |
| CVE-2025-3782 The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-40624 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-4344 A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It i... | 8.8 | HIGH | — | 0 |
| CVE-2025-4345 A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The a... | 8.8 | HIGH | — | 0 |
| CVE-2025-4346 A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer ove... | 8.8 | HIGH | — | 0 |
| CVE-2025-40620 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40621 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40622 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40623 SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-4347 A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host lea... | 8.8 | HIGH | — | 0 |
| CVE-2025-4348 A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been rated as critical. Affected by this issue is the function formSetWanL2TP. The manipulation of the argument host leads to buffer ... | 8.8 | HIGH | — | 0 |
| CVE-2025-0984 Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing ... | 8.2 | HIGH | — | 0 |
| CVE-2025-4349 A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. It is po... | 8.8 | HIGH | — | 0 |
| CVE-2025-4350 A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection... | 8.8 | HIGH | — | 0 |
| CVE-2018-1359 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-4354 A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-bas... | 8.8 | HIGH | — | 0 |
| CVE-2025-4355 A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buff... | 8.8 | HIGH | — | 0 |
| CVE-2025-4356 A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component A... | 8.8 | HIGH | — | 0 |
| CVE-2025-2898 IBM Maximo Application Suite 9.0 could allow an attacker with some level of access to elevate their privileges due to a security configuration vulnerability in Role-Based Access Control (RBAC) configu... | 7.5 | HIGH | — | 0 |
| CVE-2025-4361 A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. This affects an unknown part of the file /department.php. The manipulation of the argument de... | 7.3 | HIGH | — | 0 |
| CVE-2025-22477 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit ... | 8.3 | HIGH | — | 0 |
| CVE-2025-45489 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-22478 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network acc... | 8.1 | HIGH | — | 0 |
| CVE-2025-22479 Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker ... | 3.5 | LOW | — | 0 |
| CVE-2025-23379 Dell Storage Center - Dell Storage Manager, version(s) 21.0.20, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated att... | 3.5 | LOW | — | 0 |
| CVE-2025-45487 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45488 Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-46735 Terraform WinDNS Provider allows users to manage their Windows DNS server resources through Terraform. A security issue has been found in Terraform WinDNS Provider before version `1.0.5`. The `windns_... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.