Total: 286780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-29322 | | | 2025-03-26 | N/A |
A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages. | ||||
CVE-2025-26004 | | | 2025-03-26 | N/A |
Telesquare TLR-2005KSH 1.1.4 is vulnerable to an unauthorized stack buffer overflow when requesting the admin.cgi parameter with setDdns. | ||||
CVE-2025-26003 | | | 2025-03-26 | N/A |
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. | ||||
CVE-2025-26002 | | | 2025-03-26 | N/A |
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. | ||||
CVE-2025-26001 | | | 2025-03-26 | N/A |
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. | ||||
CVE-2025-25535 | | | 2025-03-26 | N/A |
HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. | ||||
CVE-2024-13146 | | | 2025-03-26 | 8.8 High |
The Booknetic WordPress plugin before 4.1.5 does not have a CSRF check when creating Staff accounts, which could allow attackers to make a logged-in admin add arbitrary Staff members via a CSRF attack. | ||||
CVE-2024-12683 | | | 2025-03-26 | 3.5 Low |
The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
CVE-2024-11847 | | | 2025-03-26 | 4.8 Medium |
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload an SVG with malicious JavaScript to conduct Stored XSS attacks. | ||||
CVE-2023-24197 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | ||||
CVE-2023-24195 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | ||||
CVE-2023-24194 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | ||||
CVE-2023-24192 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | ||||
CVE-2023-24191 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-26 | 6.1 Medium |
Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | ||||
CVE-2023-24147 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 7.5 High |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini. | ||||
CVE-2023-24146 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | ||||
CVE-2023-24145 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | ||||
CVE-2023-24144 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | ||||
CVE-2023-24143 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | ||||
CVE-2023-24142 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2025-03-26 | 9.8 Critical |
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. |