CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1662 matches found

Vulnrichment•added 2025/10/28 2:33 p.m.•3 views

CVE-2025-34315 IPFire < v2.29 Stored XSS via Remote Syslog Server Address

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the REMOTELOGADDR parameter when updating the remote syslog server address. When a user updates the Remote loggin...

5.1CVSS5.6AI score0.00403EPSS

Exploits0References3

Positive Technologies•added 2025/10/28 12:0 a.m.•7 views

PT-2025-44174

Name of the Vulnerable Software and Affected Versions IPFire versions prior to 2.29 Core Update 198 Description IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting XSS issue. An authenticated attacker can inject arbitrary JavaScript code through the...

5.4CVSS6AI score0.00403EPSS

Exploits0References6

CVE•added 2025/10/27 10:2 a.m.•10 views

CVE-2025-12260

CVE-2025-12260 concerns TOTOLINK A3300R (firmware 17.0.0cu.557_B20221024). The vulnerability lies in the function setSyslogCfg within the file /cgi-bin/cstecgi.cgi, in the POST Parameter Handler, where manipulation of the enable argument leads to a stack-based buffer overflow. The issue is exploi...

9CVSS8.7AI score0.0093EPSS

Exploits1References5Affected Software1

VulnCheck KEV•added 2025/10/09 12:0 a.m.•4 views

VulnCheck KEV: CVE-2017-18369

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the advremotelog.asp page and can be exploited through the syslogServerAd...

10CVSS5.8AI score0.67644EPSS

In wildExploits2References3