Total: 11 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-52970 | 1 Fortinet | 1 Fortiweb | 2025-08-15 | N/A | 8.1 HIGH |
An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request. | |||||
CVE-2022-45182 | 1 Pistar | 1 Pi-star Digital Voice Dashboard | 2025-05-01 | N/A | 9.8 CRITICAL |
Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. | |||||
CVE-2024-33433 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-04-09 | N/A | 4.8 MEDIUM |
Cross Site Scripting vulnerability in TOTOLINK X2000R before v1.0.0-B20231213.1013 allows a remote attacker to execute arbitrary code via the Guest Access Control parameter in the Wireless Page. | |||||
CVE-2024-24525 | 1 Epoint | 1 Epointwebbuilder | 2025-03-27 | N/A | 9.8 CRITICAL |
An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. | |||||
CVE-2024-31808 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | N/A | 8.8 HIGH |
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. | |||||
CVE-2023-7261 | 1 Google | 2 Chrome, Updater | 2025-03-14 | N/A | 7.8 HIGH |
Inappropriate implementation in Google Updater prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) | |||||
CVE-2023-26549 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-19 | N/A | 7.5 HIGH |
The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality. | |||||
CVE-2024-25979 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-01-23 | N/A | 5.3 MEDIUM |
The URL parameters accepted by forum search were not limited to the allowed parameters. | |||||
CVE-2024-9329 | 1 Eclipse | 1 Glassfish | 2024-11-21 | N/A | 6.1 MEDIUM |
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
CVE-2023-1419 | | | 2024-11-18 | N/A | 5.9 MEDIUM |
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data. | |||||
CVE-2023-40819 | 1 Devlop.systems | 1 Id4portais | 2024-08-12 | N/A | 6.1 MEDIUM |
ID4Portais in version < V.2022.837.002a returns the message parameter unsanitized in the response, resulting in an HTML Injection vulnerability. |