Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,388
Quick preset (or use dates below)
Clear Filters
Showing 14,201 - 14,220 of 14,400 CVEs
CVE-2025-68976 HIGH - 8.8

Missing Authorization vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68975 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in Eagle-Themes Eagle Booking eagle-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eagle Booking: from n/a through <= 1.3.4.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-15358 HIGH - 7.5

DVP-12SE11T - Denial of Service Vulnerability

Vendor: deltaww
Product: dvp-12se11t_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15234 HIGH - 8.8

A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the ...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15233 HIGH - 8.8

A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUI...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15232 HIGH - 8.8

A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit i...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15231 HIGH - 8.8

A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly ...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15230 HIGH - 8.8

A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exp...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15229 HIGH - 7.5

A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed ...

Vendor: tenda
Product: ch22_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15218 HIGH - 8.8

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument lanMask can lead to buffer overflow. The attac...

Vendor: tenda
Product: ac10u_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15217 HIGH - 8.8

A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.

Vendor: tenda
Product: ac23_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15216 HIGH - 8.8

A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and m...

Vendor: tenda
Product: ac23_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15215 HIGH - 8.8

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack re...

Vendor: tenda
Product: ac10u_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-69235 HIGH - 7.5

Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.

Vendor: navercorp
Product: whale
Published: Dec 30, 2025
Source: NVD
CVE-2025-69217 HIGH - 7.7

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random() (i...

Published: Dec 30, 2025
Source: NVD
CVE-2025-68036 HIGH - 7.5

Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27.

Published: Dec 30, 2025
Source: NVD
CVE-2025-23554 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakub Glos Off Page SEO allows Reflected XSS.This issue affects Off Page SEO: from n/a through 3.0.3.

Published: Dec 30, 2025
Source: NVD
CVE-2025-23550 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller allows Reflected XSS.This issue affects Product Puller: from n/a through 1.5.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-23469 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sleekplan allows Reflected XSS.This issue affects Sleekplan: from n/a through 0.2.0.

Published: Dec 30, 2025
Source: NVD
CVE-2025-23458 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rakessh Ads24 Lite allows Reflected XSS.This issue affects Ads24 Lite: from n/a through 1.0.

Published: Dec 30, 2025
Source: NVD