5.3

CVSS3.1

CVE-2025-29521 -

Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Sept. 2, 2025, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-29524 -

Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2025-29519 -

A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Sept. 2, 2025, 6:16 p.m.

8.5

CVSS3.1

CVE-2025-56216 - Hospital Management System SQL Injection via pagetitle Parameter

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: April 22, 2026, 10:30 p.m.

8.8

CVSS3.1

CVE-2025-55409 -

FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Sept. 9, 2025, 7:12 p.m.

7

CVSS3.1

CVE-2025-51281 -

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Oct. 1, 2025, 8 p.m.

6.1

CVSS3.1

CVE-2024-39923 -

An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in per…

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Sept. 5, 2025, 5:04 p.m.

5.3

CVSS3.1

CVE-2025-29520 -

Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Sept. 2, 2025, 6:16 p.m.

9.8

CVSS3.1

CVE-2025-55575 -

SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail.

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-50900 -

An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determine wheth…

πŸ“… Published: Aug. 25, 2025, midnight πŸ”„ Last Modified: Oct. 9, 2025, 5:54 p.m.
Total resulsts: 349182
Page 4153 of 34,919
Β« previous page Β» next page
Filters