Total CVEs

142,888

Critical Severity

4,037

High Severity

14,476

Last 7 Days

1,322
Quick preset (or use dates below)
Clear Filters
Showing 14,841 - 14,860 of 14,892 CVEs
CVE-2018-25149 MEDIUM - 6.5

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users...

Vendor: microhardcorp
Product: ipn4g_firmware
Published: Dec 24, 2025
Source: NVD
CVE-2018-25146 MEDIUM - 6.5

Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disrup...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25145 MEDIUM - 6.5

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and �...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25144 MEDIUM - 5.5

Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'de...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25133 MEDIUM - 4.3

Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administr...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25130 MEDIUM - 6.2

Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access t...

Published: Dec 24, 2025
Source: NVD
CVE-2018-25127 MEDIUM - 5.3

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users in...

Published: Dec 24, 2025
Source: NVD
CVE-2025-36154 MEDIUM - 6.2

IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.

Vendor: ibm
Product: concert
Published: Dec 24, 2025
Source: NVD
CVE-2024-40317 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP.

Vendor: airc
Product: mynet
Published: Dec 24, 2025
Source: NVD
CVE-2024-39037 MEDIUM - 6.5

MyNET up to v26.08.316 was discovered to contain an Unauthenticated SQL Injection vulnerability via the intmenu parameter.

Vendor: airc
Product: mynet
Published: Dec 24, 2025
Source: NVD
CVE-2024-35322 MEDIUM - 6.1

MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ficheiro parameter.

Vendor: airc
Product: mynet
Published: Dec 24, 2025
Source: NVD
CVE-2025-60935 MEDIUM - 6.1

An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.

Vendor: returnfi
Product: blitz
Published: Dec 24, 2025
Source: NVD
CVE-2025-2154 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68605 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Post Grid and Gutenberg Blocks post-grid allows Stored XSS.This issue affects Post Grid and Gutenberg Blocks: from n/a through <= 2.3.18.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68602 MEDIUM - 6.1

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68599 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through <= 5.4.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68598 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiveComposer Page Builder: Live Composer live-composer-page-builder allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through <= 2.0.5.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68597 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through <= 2.7.17.

Published: Dec 24, 2025
Source: NVD
CVE-2025-68574 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Elements: from n/a through <= 1.0.4.3...

Published: Dec 24, 2025
Source: NVD
CVE-2025-68566 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.

Published: Dec 24, 2025
Source: NVD