-
CVE-2024-40124
•
published on April 17, 2025
Pydio Core = 8.2.5 is vulnerable to Cross Site Scripting (XSS) via the New URL Bookmark feature.
-
CVE-2024-53924
•
published on April 17, 2025
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.
-
CVE-2024-55211
•
published on April 17, 2025
An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.
-
CVE-2024-55238
•
published on April 17, 2025
OpenMetadata =1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
-
CVE-2024-56518
•
published on April 17, 2025
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.
-
CVE-2025-25457
•
published on April 17, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via cloneType2.
-
CVE-2025-25455
•
published on April 17, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.
-
CVE-2025-25454
•
published on April 17, 2025
Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.
-
CVE-2025-26268
•
published on April 17, 2025
DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.
-
CVE-2025-26269
•
published on April 17, 2025
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.
-
CVE-2025-28009
•
published on April 17, 2025
A SQL Injection vulnerability exists in the `u` parameter of the progress-body-weight.php endpoint of Dietiqa App v1.0.20.
-
CVE-2025-28101
•
published on April 17, 2025
An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users by supplying a crafted POST request.
-
CVE-2025-29015
•
published on April 17, 2025
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
-
CVE-2025-29039
•
published on April 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8.
-
CVE-2025-29040
•
published on April 17, 2025
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41737c.
-
CVE-2025-29041
•
published on April 17, 2025
An issue in dlink DIR 823x 240802 allows a remote attacker to execute arbitrary code via the target_addr key value and the function 0x41710c.
-
CVE-2025-29042
•
published on April 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the macaddr key value to the function 0x42232c.
-
CVE-2025-29043
•
published on April 17, 2025
An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x417234.
-
CVE-2025-29044
•
published on April 17, 2025
Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value.
-
CVE-2025-29046
•
published on April 17, 2025
Buffer Overflow vulnerability in ALFA WiFi CampPro router ALFA_CAMPRO-co-2.29 allows a remote attacker to execute arbitrary code via the GAPSMinute3 key value.