Total 320194 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-14007 2025-12-04 2 Low
A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation results in cross site scripting. The attack may be performed from remote. A high complexity level is associated with this attack. It is indicated that the exploitability is difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14006 2025-12-04 3.5 Low
A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument data[name] leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-11222 2025-12-04 6.1 Medium
Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to untrusted sites via specially crafted URLs, potentially facilitating phishing attacks and credential theft.
CVE-2024-5401 2025-12-04 4.3 Medium
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to obtain privileges without consent via unspecified vectors.
CVE-2024-45539 2025-12-04 7.5 High
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.
CVE-2024-45538 2025-12-04 9.6 Critical
Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2017-1303 1 Ibm 1 Websphere Portal 2025-12-04 6.1 Medium
IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125457.
CVE-2017-13689 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
CVE-2017-13688 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
CVE-2017-13687 3 Debian, Redhat, Tcpdump 3 Debian Linux, Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
CVE-2017-13055 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().
CVE-2017-13054 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
CVE-2017-13053 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
CVE-2017-13050 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().
CVE-2017-13048 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
CVE-2017-13047 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
CVE-2017-13045 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().
CVE-2017-13041 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
CVE-2017-13040 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
CVE-2017-13038 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-12-04 9.8 Critical
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().