Total
318835 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60685 | 1 Totolink | 2 A720r, A720r Firmware | 2025-11-17 | N/A | 5.1 MEDIUM |
| A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device. | |||||
| CVE-2024-38475 | 3 Apache, Netapp, Sonicwall | 12 Http Server, Ontap 9, Sma 200 and 9 more | 2025-11-17 | N/A | 9.1 CRITICAL |
| Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. | |||||
| CVE-2024-30127 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.2 LOW |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | |||||
| CVE-2022-44759 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.6 MEDIUM |
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | |||||
| CVE-2023-37516 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.2 LOW |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. | |||||
| CVE-2022-44760 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.6 MEDIUM |
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | |||||
| CVE-2024-30147 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 6.5 MEDIUM |
| Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | |||||
| CVE-2024-30114 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.7 LOW |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | |||||
| CVE-2024-30113 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 6.3 MEDIUM |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | |||||
| CVE-2023-45720 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 5.3 MEDIUM |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | |||||
| CVE-2023-37534 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 7.1 HIGH |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | |||||
| CVE-2024-30148 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.1 MEDIUM |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | |||||
| CVE-2025-8114 | 1 Libssh | 1 Libssh | 2025-11-17 | N/A | 4.7 MEDIUM |
| A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. | |||||
| CVE-2015-0311 | 5 Adobe, Apple, Linux and 2 more | 14 Flash Player, Mac Os X, Linux Kernel and 11 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | |||||
| CVE-2012-0754 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-11-17 | 9.3 HIGH | 8.1 HIGH |
| Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2025-64369 | 2025-11-17 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in codepeople Contact Form Email contact-form-to-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form Email: from n/a through <= 1.3.58. | |||||
| CVE-2025-64276 | 2025-11-17 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4. | |||||
| CVE-2020-25019 | 1 Jitsi | 1 Meet Electron | 2025-11-17 | 4.3 MEDIUM | 7.5 HIGH |
| jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||
| CVE-2019-9053 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter. | |||||
| CVE-2016-4171 | 8 Adobe, Apple, Google and 5 more | 14 Flash Player, Mac Os X, Macos and 11 more | 2025-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. | |||||