CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD

| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2024-45775 A flaw was found in grub2 where the grub_extcmd_dispatcher() function calls grub_arg_list_alloc() to allocate memory for the grub's argument list. However, it fails to check in case the memory allocat... | 5.2 | MEDIUM | — | 0 |
| CVE-2024-45783 A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-25891 A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01, triggered by the destination, netmask and gateway parameters. This vulnerability allows attackers to cause a Denial of Service ... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-25892 A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the sstartip, sendip, dstartip, and dendip parameters. This vulnerability allows attackers to cause a Denial of Service (DoS... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-25893 An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute ... | 8.0 | HIGH | — | 0 |
| CVE-2025-25894 An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. This vulnerability allows attackers to execute arbitrary operating system (OS) ... | 8.0 | HIGH | — | 0 |
| CVE-2025-25895 An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. This vulnerability allows attackers to execute arbitrary operating system (OS) commands via... | 8.0 | HIGH | — | 0 |
| CVE-2025-25896 A buffer overflow vulnerability was discovered in D-Link DSL-3782 v1.01 via the destination, netmask, and gateway parameters. This vulnerability allows attackers to cause a Denial of Service (DoS) via... | 5.7 | MEDIUM | — | 0 |
| CVE-2024-12173 The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Script... | 3.5 | LOW | — | 0 |
| CVE-2024-13591 The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up t... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13592 The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shor... | 7.5 | HIGH | — | 0 |
| CVE-2023-51293 A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Event Booking Calendar v4.0 allows attackers to send an excessive amount of email for a legitimate user, leadin... | 7.5 | HIGH | — | 0 |
| CVE-2025-0624 A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using... | 7.6 | HIGH | — | 0 |
| CVE-2025-27091 OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker ... | 7.5 | HIGH | — | 0 |
| CVE-2025-25662 Tenda O4 V3.0 V1.0.0.10(2936) is vulnerable to Buffer Overflow in the function SafeSetMacFilter of the file /goform/setMacFilterList via the argument remark/type/time. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27088 oxyno-zeta/s3-proxy is an AWS S3 proxy written in Go. In affected versions a Reflected Cross-site Scripting (XSS) vulnerability enables attackers to create malicious URLs that, when visited, inject sc... | 8.2 | HIGH | — | 0 |
| CVE-2024-13314 The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cr... | 3.5 | LOW | — | 0 |
| CVE-2024-13585 The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta... | 3.5 | LOW | — | 0 |
| CVE-2025-1578 A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the ar... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1580 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1587 A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects the function addrecords of the file main.cpp of the component Add N... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-1607 A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.ph... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1612 A vulnerability was found in Edimax BR-6288ACL 1.30. It has been declared as problematic. This vulnerability affects unknown code of the file wireless5g_basic.asp. The manipulation of the argument SSI... | 3.5 | LOW | — | 0 |
| CVE-2024-12308 The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-13605 The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting ... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-0690 The read command is used to read the keyboard input from the user; while reading, it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the nex... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-26200 SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component. | 7.2 | HIGH | — | 0 |
| CVE-2024-10545 The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Store... | 3.5 | LOW | — | 0 |
| CVE-2022-49056 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-22868 An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. | 7.5 | HIGH | — | 0 |
| CVE-2025-21462 Memory corruption while processing an IOCTL request, when buffer significantly exceeds the command argument limit. | 7.8 | HIGH | — | 0 |
| CVE-2025-22869 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read ... | 7.5 | HIGH | — | 0 |
| CVE-2024-10152 The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which ... | 7.1 | HIGH | — | 0 |
| CVE-2024-10483 The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 7.1 | HIGH | — | 0 |
| CVE-2024-10563 The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-12737 The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-12878 The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used ... | 7.1 | HIGH | — | 0 |
| CVE-2024-13113 The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-13571 The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against... | 7.1 | HIGH | — | 0 |
| CVE-2024-13624 The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai... | 7.1 | HIGH | — | 0 |
| CVE-2024-39441 In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | 7.1 | HIGH | — | 0 |
| CVE-2024-13402 The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-0767 WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-1746 Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL u... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-1747 HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying th... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-1748 HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying th... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-1749 HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. These vulnerabilities could allow an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying th... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-25916 wuzhicms v4.1.0 has a Cross Site Scripting (XSS) vulnerability in del function in \coreframe\app\member\admin\group.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-25430 Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page. | 4.8 | MEDIUM | — | 0 |
| CVE-2025-25431 Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the ssid key of wifi_data parameter on the /captive_portal.htm page. | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.