Total
302340 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55913 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2025-07-16 | 5.3 Medium |
| IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | ||||
| CVE-2025-20972 | 1 Samsung | 1 Flow | 2025-07-16 | 6.2 Medium |
| Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration. | ||||
| CVE-2025-46610 | 1 Artec-it | 1 Enterprise Mail Archive | 2025-07-16 | 8.8 High |
| ARTEC EMA Mail 6.92 allows CSRF. | ||||
| CVE-2025-20922 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | ||||
| CVE-2025-7421 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7422 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulation of the argument week leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7423 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component httpd. The manipulation of the argument macList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7434 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7436 | 1 Campcodes | 1 Online Recruitment Management System | 2025-07-16 | 7.3 High |
| A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_vacancy. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7407 | 1 Netgear | 2 D6400, D6400 Firmware | 2025-07-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-7417 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7418 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7419 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7420 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7408 | 1 Pushpam02 | 1 Zoo Management System | 2025-07-16 | 3.5 Low |
| A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6674 | 1 Gabderrahim | 1 Ckeditor5 Youtube | 2025-07-16 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3. | ||||
| CVE-2025-20924 | 1 Samsung | 1 Notes | 2025-07-16 | 4.6 Medium |
| Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. | ||||
| CVE-2025-20925 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory. | ||||
| CVE-2025-20927 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. | ||||
| CVE-2025-5234 | 1 Jegstudio | 1 Gutenverse News | 2025-07-16 | 6.4 Medium |
| The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||