Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33217 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-03-17 | 7.5 High |
| Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter in ip/goform/addressNat. | ||||
| CVE-2025-2365 | 2025-03-17 | 6.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48826 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | 8 High |
| Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | ||||
| CVE-2024-48825 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | 8 High |
| Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code. | ||||
| CVE-2025-1724 | 2025-03-17 | 7.4 High | ||
| Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token. | ||||
| CVE-2024-32301 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | 9.8 Critical |
| Tenda AC7V1.0 v15.03.06.44 firmware has a stack overflow vulnerability via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2024-32281 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2025-03-17 | 8.8 High |
| Tenda AC7V1.0 v15.03.06.44 firmware contains a command injection vulnerablility in formexeCommand function via the cmdinput parameter. | ||||
| CVE-2025-2366 | 2025-03-17 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-35580 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-17 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. | ||||
| CVE-2024-35579 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-17 | 7.7 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. | ||||
| CVE-2024-35578 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-17 | 8 High |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | ||||
| CVE-2024-35576 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-17 | 5.2 Medium |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. | ||||
| CVE-2025-2367 | 2025-03-17 | 6.3 Medium | ||
| A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-35571 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2025-03-17 | 9.8 Critical |
| Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | ||||
| CVE-2025-25675 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | 9.8 Critical |
| Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. The str variable receives the cmdinput parameter from a POST request and is later assigned to the cmd_buf variable, which is directly used in the doSystemCmd function, causing an arbitrary command execution. | ||||
| CVE-2025-29788 | 2025-03-17 | 6.5 Medium | ||
| The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after initiating the PayPal Express Checkout process, PayPal will not receive the updated total amount. As a result, PayPal captures only the initially transmitted amount, while Sylius incorrectly considers the order fully paid based on the modified total. This flaw can be exploited both accidentally and intentionally, potentially enabling fraud by allowing customers to pay less than the actual order value. Attackers can intentionally pay less than the actual total order amount, business owners may suffer financial losses due to underpaid orders, and integrity of payment processing is compromised. The issue is fixed in versions 1.6.1, 1.7.1, 2.0.1, and above. To resolve the problem in the end application without updating to the newest patches, there is a need to overwrite `ProcessPayPalOrderAction`, `CompletePayPalOrderFromPaymentPageAction`, and `CaptureAction` with modified logic. | ||||
| CVE-2025-25674 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | 9.8 Critical |
| Tenda AC10 V1.0 V15.03.06.23 is vulnerable to Buffer Overflow in form_fast_setting_wifi_set via the parameter ssid. | ||||
| CVE-2024-32317 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2025-03-17 | 7.5 High |
| Tenda AC10 v4.0 V16.03.10.13 and V16.03.10.20 firmware has a stack overflow vulnerability via the adslPwd parameter in the formWanParameterSetting function. | ||||
| CVE-2024-32306 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2025-03-17 | 5.7 Medium |
| Tenda AC10U v1.0 Firmware v15.03.06.49 has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. | ||||
| CVE-2025-2340 | 2025-03-17 | 2.4 Low | ||
| A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | ||||