Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5749 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A | 8.8 HIGH |
| WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295. | |||||
| CVE-2023-50235 | 1 Hancom | 1 Office Show | 2025-08-14 | N/A | 7.8 HIGH |
| Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20387. | |||||
| CVE-2025-5751 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A | 6.8 MEDIUM |
| WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292. | |||||
| CVE-2025-5750 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A | N/A |
| WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294. | |||||
| CVE-2024-45077 | 1 Ibm | 1 Maximo Asset Management | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system. | |||||
| CVE-2025-6790 | 2025-08-14 | N/A | N/A | ||
| The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2025-7761 | 2025-08-14 | N/A | N/A | ||
| Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable. | |||||
| CVE-2011-10014 | 2025-08-14 | N/A | N/A | ||
| GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable. | |||||
| CVE-2025-43988 | 2025-08-14 | N/A | N/A | ||
| KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. | |||||
| CVE-2025-8046 | 2025-08-14 | N/A | N/A | ||
| The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | |||||
| CVE-2011-10011 | 2025-08-14 | N/A | N/A | ||
| WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application. | |||||
| CVE-2025-51451 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-08-14 | N/A | 9.8 CRITICAL |
| In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | |||||
| CVE-2012-10059 | 2025-08-14 | N/A | N/A | ||
| Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | |||||
| CVE-2025-34154 | 2025-08-14 | N/A | N/A | ||
| UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system — including sensitive OS-level files — without authentication. | |||||
| CVE-2011-10009 | 2025-08-14 | N/A | N/A | ||
| S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks. | |||||
| CVE-2012-10054 | 2025-08-14 | N/A | N/A | ||
| Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely. | |||||
| CVE-2012-10058 | 2025-08-14 | N/A | N/A | ||
| RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process. | |||||
| CVE-2011-10010 | 2025-08-14 | N/A | N/A | ||
| QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement. | |||||
| CVE-2012-10060 | 2025-08-14 | N/A | N/A | ||
| Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service. | |||||
| CVE-2012-10057 | 2025-08-14 | N/A | N/A | ||
| Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges. | |||||