Browse CVEs

225 CVEs analyzed. 686 pending.

CVE-2026-20402 7.5

This vulnerability in MediaTek modems allows remote denial of service through improper input validation. Attackers can crash affected devices by conne...

Feb 2, 2026
CVE-2026-20403 7.5

This vulnerability in MediaTek modems allows remote denial of service via system crash when a device connects to a malicious base station. Attackers c...

Feb 2, 2026
CVE-2025-9974 8.0

CVE-2025-9974 is an OS command injection vulnerability in the unified WEBUI application of Nokia ONT/Beacon devices. Authenticated attackers with low ...

Feb 2, 2026
CVE-2026-1518 2.7

This vulnerability in Keycloak's CIBA (Client Initiated Backchannel Authentication) feature allows attackers to make blind server-side requests to int...

Feb 2, 2026
CVE-2026-20711 6.5

A cross-site scripting vulnerability in the email function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary user...

Feb 2, 2026
CVE-2026-22881 5.7

A cross-site scripting vulnerability in the Message function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary us...

Feb 2, 2026
CVE-2026-22888 4.9

An improper input verification vulnerability in Cybozu Garoon allows attackers to modify portal settings without proper authorization. This could bloc...

Feb 2, 2026
CVE-2026-0658 4.3

The Five Star Restaurant Reservations WordPress plugin before version 2.7.9 lacks CSRF protection on some bulk actions, allowing attackers to trick lo...

Feb 2, 2026
CVE-2025-15396 7.1

The Library Viewer WordPress plugin before version 3.2.0 contains a reflected cross-site scripting (XSS) vulnerability where unsanitized parameters ar...

Feb 2, 2026
CVE-2025-15030 9.8

The User Profile Builder WordPress plugin before version 3.15.2 has an improper password reset mechanism that allows unauthenticated attackers to rese...

Feb 2, 2026
CVE-2026-1746 6.3

This SQL injection vulnerability in JeecgBoot 3.9.0 allows remote attackers to execute arbitrary SQL commands through the Online Report API's loadDict...

Feb 2, 2026
CVE-2026-1530 8.1

A vulnerability in fog-kubevirt allows remote attackers to perform Man-in-the-Middle attacks by intercepting communications between Satellite and Open...

Feb 2, 2026
CVE-2026-1531 8.1

This vulnerability in foreman_kubevirt disables SSL certificate verification by default when connecting to OpenShift without an explicitly set CA cert...

Feb 2, 2026
CVE-2026-1745 4.3

This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against the Medical Certificate Generator App 1.0, enabling u...

Feb 2, 2026
CVE-2025-13881 2.7

This vulnerability allows Keycloak administrators with limited privileges to access sensitive custom user attributes that should be hidden by User Pro...

Feb 2, 2026
CVE-2026-25202 9.8

MagicINFO 9 Server versions below 21.1090.1 contain hardcoded database credentials, allowing attackers to authenticate and manipulate the database. Th...

Feb 2, 2026
CVE-2026-25201 8.8

An unauthenticated attacker can upload arbitrary files to MagicInfo9 Server, leading to remote code execution and privilege escalation. This affects M...

Feb 2, 2026
CVE-2026-25200 9.8

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without proper authentication, leading to stored cross-site scriptin...

Feb 2, 2026
CVE-2026-24788 8.8

CVE-2026-24788 is an OS command injection vulnerability in RaspAP raspap-webgui that allows authenticated users to execute arbitrary commands on the u...

Feb 2, 2026
CVE-2026-1744 2.4

This CVE describes a cross-site scripting (XSS) vulnerability in D-Link DSL-6641K routers running firmware version N8.TR069.20131126. Attackers can in...

Feb 2, 2026
CVE-2026-1741 6.6

This CVE describes a backdoor vulnerability in the EFM ipTIME A8004T router's debug interface. Attackers can remotely manipulate the 'cmd' parameter t...

Feb 2, 2026
CVE-2026-1742 4.7

This vulnerability allows remote attackers to upload arbitrary files to the EFM ipTIME A8004T router via the VPN service component. Attackers can expl...

Feb 2, 2026
CVE-2026-1743 3.1

This CVE describes an authentication bypass vulnerability in DJI drone models (Mavic Mini, Air, Spark, Mini SE) through capture-replay attacks on the ...

Feb 2, 2026
CVE-2026-1740 7.3

This vulnerability allows remote attackers to bypass authentication on EFM ipTIME A8004T routers via improper authentication in the Hidden Hiddenlogin...

Feb 2, 2026
CVE-2026-1737 5.3

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the CreateBearerRequest handler, potentially causing denial ...

Feb 2, 2026
CVE-2026-1738 5.3

CVE-2026-1738 is a reachable assertion vulnerability in Open5GS SGWC component that allows remote attackers to cause denial of service by manipulating...

Feb 2, 2026
CVE-2026-1739 5.3

A null pointer dereference vulnerability in Free5GC's Policy Control Function (PCF) allows remote attackers to cause denial of service by crashing the...

Feb 2, 2026
CVE-2025-13348 N/A

An improper access control vulnerability in ASUS Secure Delete Driver allows local users to create arbitrary files in specified paths by sending speci...

Feb 2, 2026
CVE-2026-1735 4.3

This CVE describes a command injection vulnerability in Yealink MeetingBar A30's Diagnostic Handler component. Attackers with physical access to the d...

Feb 2, 2026
CVE-2026-1736 5.3

A reachable assertion vulnerability in Open5GS SGWC component allows remote attackers to cause denial of service by sending specially crafted requests...

Feb 2, 2026
CVE-2026-1734 5.3

This vulnerability allows unauthorized remote access to the crontab endpoint in Zhong Bang CRMEB versions up to 5.6.3. Attackers can exploit this miss...

Feb 2, 2026
CVE-2026-1733 4.3

This CVE describes an improper authorization vulnerability in Zhong Bang CRMEB's store integration API endpoint. Attackers can manipulate the order_id...

Feb 1, 2026
CVE-2026-25253 8.8

OpenClaw (also known as clawdbot or Moltbot) versions before 2026.1.29 automatically establish WebSocket connections using gatewayUrl values from quer...

Feb 1, 2026
CVE-2020-37055 7.8

CVE-2020-37055 is an unquoted service path vulnerability in SpyHunter 4 that allows local attackers to execute arbitrary code with SYSTEM privileges. ...

Feb 1, 2026
CVE-2020-37061 7.8

CVE-2020-37061 is an unquoted service path vulnerability in BOOTP Turbo 2.0.1214 that allows local attackers to execute arbitrary code with SYSTEM pri...

Feb 1, 2026
CVE-2020-37062 7.8

CVE-2020-37062 is an unquoted service path vulnerability in DHCP Turbo that allows local attackers to execute arbitrary code with elevated privileges....

Feb 1, 2026
CVE-2020-37063 7.8

CVE-2020-37063 is an unquoted service path vulnerability in TFTP Turbo that allows local attackers to execute arbitrary code with elevated SYSTEM priv...

Feb 1, 2026
CVE-2020-37064 7.8

CVE-2020-37064 is an unquoted service path vulnerability in EPSON EasyMP Network Projection software that allows local attackers to execute arbitrary ...

Feb 1, 2026
CVE-2020-37045 7.8

CVE-2020-37045 is an unquoted service path vulnerability in Veritas NetBackup 7.0's INET Daemon service. This allows local attackers to place maliciou...

Feb 1, 2026
CVE-2020-37047 7.8

CVE-2020-37047 is an unquoted service path vulnerability in Deep Instinct Windows Agent that allows local attackers to execute arbitrary code with Loc...

Feb 1, 2026
CVE-2020-37048 7.8

CVE-2020-37048 is an unquoted service path vulnerability in Iskysoft Application Framework Service that allows local attackers to execute arbitrary co...

Feb 1, 2026
CVE-2020-37037 7.8

CVE-2020-37037 is an unquoted service path vulnerability in Avast SecureLine VPN client that allows local attackers to execute arbitrary code with SYS...

Feb 1, 2026
CVE-2023-54343 6.4

QWE DL 2.0.1 mobile web application has a persistent cross-site scripting (XSS) vulnerability in path parameters that allows attackers to inject malic...

Feb 1, 2026
CVE-2022-50940 6.4

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting (XSS) vulnerability in the name parameter. Attackers can inject malicious scr...

Feb 1, 2026
CVE-2022-50941 6.4

BootCommerce 3.2.1 contains persistent cross-site scripting (XSS) vulnerabilities in guest order checkout input fields. Attackers can inject malicious...

Feb 1, 2026
CVE-2022-50942 5.4

CVE-2022-50942 is a client-side cross-site scripting vulnerability in Icinga Web 2.8.2 that allows attackers to inject malicious scripts through the i...

Feb 1, 2026
CVE-2022-50950 6.5

Webile 1.0.1 contains an unauthenticated directory traversal vulnerability that allows attackers to manipulate file paths and access sensitive system ...

Feb 1, 2026
CVE-2022-50951 6.4

WiFi File Transfer 1.0.8 has a persistent cross-site scripting vulnerability where attackers can inject malicious JavaScript through file and folder n...

Feb 1, 2026
CVE-2022-50952 6.4

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the profile name input field. Attackers can i...

Feb 1, 2026
CVE-2021-47917 6.4

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious scri...

Feb 1, 2026