Total
323562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14969 | 2025-12-19 | 4.3 Medium | ||
| No description is available for this CVE. | ||||
| CVE-2025-67896 | 1 Exim | 1 Exim | 2025-12-18 | 7 High |
| Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation. | ||||
| CVE-2023-53881 | 2 Ruijie, Ruijienetworks | 2 Reyee Os, Reyee Os | 2025-12-18 | 8.1 High |
| ReyeeOS 1.204.1614 contains an unencrypted CWMP communication vulnerability that allows attackers to intercept and manipulate device communication through a man-in-the-middle attack. Attackers can create a fake CWMP server to inject and execute arbitrary commands on Ruijie Reyee Cloud devices by exploiting the unprotected HTTP polling requests. | ||||
| CVE-2023-53879 | 1 Eyemaxsystems | 1 Nvclient | 2025-12-18 | 5.5 Medium |
| NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition. | ||||
| CVE-2023-53877 | 1 Phpjabbers | 1 Bus Reservation System | 2025-12-18 | 9.8 Critical |
| Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database. | ||||
| CVE-2023-53876 | 1 Creativeitem | 1 Academy Lms | 2025-12-18 | 5.4 Medium |
| Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code. | ||||
| CVE-2023-53875 | 1 Gomlab | 1 Gom Player | 2025-12-18 | 8.8 High |
| GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction. | ||||
| CVE-2023-53874 | 1 Gomlab | 1 Gom Player | 2025-12-18 | 9.8 Critical |
| GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability. | ||||
| CVE-2023-53868 | 2 Coppermine, Coppermine-gallery | 3 Coppermine Photo Gallery, Gallery, Coppermine Photo Gallery | 2025-12-18 | 8.8 High |
| Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the uploaded plugin script. | ||||
| CVE-2023-38913 | 1 Anirbandutta9 | 1 News-buzz | 2025-12-18 | 5.3 Medium |
| SQL injection vulnerability in anirbandutta9 NEWS-BUZZ v.1.0 allows a remote attacker to execute arbitrary code via a crafted script. | ||||
| CVE-2023-36338 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-12-18 | 5.3 Medium |
| Inventory Management System 1 was discovered to contain a SQL injection vulnerability. | ||||
| CVE-2024-58306 | 1 Hans Alshoff | 1 Minalic | 2025-12-18 | N/A |
| minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests with excessive data to overwhelm the server and cause service interruption. | ||||
| CVE-2023-53883 | 1 Webedition | 1 Webedition Cms | 2025-12-18 | 7.2 High |
| Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server. | ||||
| CVE-2023-53884 | 1 Webedition | 1 Webedition Cms | 2025-12-18 | 5.4 Medium |
| Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users. | ||||
| CVE-2023-53885 | 1 Webutler | 1 Webutler | 2025-12-18 | 7.2 High |
| Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded file. | ||||
| CVE-2023-53886 | 1 Xlightftpd | 1 Xlight Ftp Server | 2025-12-18 | 7.5 High |
| Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition. | ||||
| CVE-2023-53889 | 2 Edgeofmyseat, Perch | 2 Perch, Perch Cms | 2025-12-18 | 7.2 High |
| Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server. | ||||
| CVE-2025-55310 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-18 | 7.3 High |
| An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. An attacker able to alter or replace the static HTML files used by the StartPage feature can cause the application to load malicious or compromised content upon startup. This may result in information disclosure, unauthorized data access, or other security impacts. | ||||
| CVE-2023-53890 | 2 Edgeofmyseat, Perch | 2 Perch, Perch Cms | 2025-12-18 | 5.4 Medium |
| Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks. | ||||
| CVE-2024-58307 | 1 Cszcms | 1 Cszcms | 2025-12-18 | N/A |
| CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information. | ||||