Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34404 | 1 Dell | 1 System Update | 2025-03-26 | 6.5 Medium |
| Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. | ||||
| CVE-2025-2819 | 2025-03-26 | 6.6 Medium | ||
| There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user. | ||||
| CVE-2025-2820 | 2025-03-26 | 6.5 Medium | ||
| An authenticated attacker can compromise the availability of the device via the network | ||||
| CVE-2025-30524 | 2025-03-26 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog allows SQL Injection. This issue affects Product Catalog: from n/a through 1.0.4. | ||||
| CVE-2025-30118 | 2025-03-26 | 7.5 High | ||
| An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks. | ||||
| CVE-2025-29315 | 2025-03-26 | 9.8 Critical | ||
| An issue in the Shiro-based RBAC (Role-based Access Control) mechanism of OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to execute privileged operations via a crafted request. | ||||
| CVE-2025-29312 | 2025-03-26 | 9.1 Critical | ||
| An issue in onos v2.7.0 allows attackers to trigger unexpected behavior within a device connected to a legacy switch via changing the link type from indirect to direct. | ||||
| CVE-2025-29311 | 2025-03-26 | 7.5 High | ||
| Limited secret space in LLDP packets used in onos v2.7.0 allows attackers to obtain the private key via a bruteforce attack. Attackers are able to leverage this vulnerability into creating crafted LLDP packets. | ||||
| CVE-2025-29310 | 2025-03-26 | 9.8 Critical | ||
| An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information. | ||||
| CVE-2025-29135 | 2025-03-26 | 9.8 Critical | ||
| A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.06.44 allows a remote attacker to execute arbitrary code through a stack overflow attack using the security parameter of the formWifiBasicSet function. | ||||
| CVE-2025-29100 | 2025-03-26 | 9.8 Critical | ||
| Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the parameter list. | ||||
| CVE-2025-28942 | 2025-03-26 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust Payments Gateway for WooCommerce allows SQL Injection. This issue affects Trust Payments Gateway for WooCommerce: from n/a through 1.1.4. | ||||
| CVE-2025-28939 | 2025-03-26 | 8.5 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Google Calendar Manager allows Blind SQL Injection. This issue affects WP Google Calendar Manager: from n/a through 2.1. | ||||
| CVE-2025-28935 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in puzich Fancybox Plus allows Reflected XSS. This issue affects Fancybox Plus: from n/a through 1.0.1. | ||||
| CVE-2025-28934 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Simple Post Series allows Reflected XSS. This issue affects Simple Post Series: from n/a through 2.4.4. | ||||
| CVE-2025-28928 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sureshdsk Are you robot google recaptcha for wordpress allows Reflected XSS. This issue affects Are you robot google recaptcha for wordpress: from n/a through 2.2. | ||||
| CVE-2025-28924 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ZenphotoPress allows Reflected XSS. This issue affects ZenphotoPress: from n/a through 1.8. | ||||
| CVE-2025-28921 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SpatialMatch IDX allows Reflected XSS. This issue affects SpatialMatch IDX: from n/a through 3.0.9. | ||||
| CVE-2025-28917 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2. | ||||
| CVE-2025-28911 | 2025-03-26 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF allows Reflected XSS. This issue affects Gravity 2 PDF: from n/a through 3.1.3. | ||||