Total
306910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-10027 | 2025-08-06 | N/A | N/A | ||
| WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution. | |||||
| CVE-2012-10022 | 2025-08-06 | N/A | N/A | ||
| Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication. | |||||
| CVE-2023-35748 | 1 Dlink | 2 Dap-2622, Dap-2622 Firmware | 2025-08-06 | N/A | 8.8 HIGH |
| D-Link DAP-2622 DDP Firmware Upgrade Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20076. | |||||
| CVE-2023-35749 | 1 Dlink | 2 Dap-2622, Dap-2622 Firmware | 2025-08-06 | N/A | 8.8 HIGH |
| D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20077. | |||||
| CVE-2023-37325 | 1 Dlink | 2 Dap-2622, Dap-2622 Firmware | 2025-08-06 | N/A | 5.4 MEDIUM |
| D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. . Was ZDI-CAN-20104. | |||||
| CVE-2024-5242 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-08-06 | N/A | 7.5 HIGH |
| TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522. | |||||
| CVE-2024-5228 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-08-06 | N/A | 7.5 HIGH |
| TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383. | |||||
| CVE-2024-5227 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-08-06 | N/A | 7.5 HIGH |
| TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446. | |||||
| CVE-2025-20128 | 2 Cisco, Clamav | 3 Secure Endpoint, Secure Endpoint Private Cloud, Clamav | 2025-08-06 | N/A | 5.3 MEDIUM |
| A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2025-8319 | 1 Barracuda | 1 Message Archiver Firmware | 2025-08-06 | N/A | 6.1 MEDIUM |
| the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter | |||||
| CVE-2020-3538 | 1 Cisco | 1 Data Center Network Manager | 2025-08-06 | N/A | 4.6 MEDIUM |
| A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2020-3420 | 1 Cisco | 1 Unified Communications Manager | 2025-08-06 | N/A | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability. | |||||
| CVE-2025-54656 | 1 Apache | 1 Struts Extras | 2025-08-06 | N/A | 6.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-46958 | 1 Adobe | 1 Experience Manager | 2025-08-06 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2024-20271 | 1 Cisco | 14 Business 140ac, Business 140ac Access Point, Business 141acm and 11 more | 2025-08-06 | N/A | 8.6 HIGH |
| A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets. | |||||
| CVE-2020-26062 | 1 Cisco | 1 Unified Computing System | 2025-08-06 | N/A | 5.3 MEDIUM |
| A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability. | |||||
| CVE-2023-39180 | 1 Linux | 1 Linux Kernel | 2025-08-06 | N/A | 4.0 MEDIUM |
| A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. | |||||
| CVE-2023-39179 | 1 Linux | 1 Linux Kernel | 2025-08-06 | N/A | 7.5 HIGH |
| A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | |||||
| CVE-2023-39176 | 1 Linux | 1 Linux Kernel | 2025-08-06 | N/A | 5.8 MEDIUM |
| A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | |||||
| CVE-2023-43091 | 1 Gnome | 1 Gnome-maps | 2025-08-06 | N/A | 9.8 CRITICAL |
| A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. | |||||