Lucene search

106 matches found

OSV
added 2025/12/11 6:16 p.m. · 2 views

CVE-2025-66918

edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter...

CVSS 8.8 · AI score 5.8 · EPSS 0.00127
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-45184

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.01676
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/23 9:2 a.m. · 0 views

CVE-2024-38991

akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 8.8 · AI score 6.2 · EPSS 0.00283
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:0 p.m. · 3 views

CVE-2020-20128

LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers...

CVSS 7.5 · AI score 6.5 · EPSS 0.00148
Exploits: 1

RedhatCVE
added 2025/02/08 4:28 a.m. · 4 views

CVE-2024-57084

A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

CVSS 7.5 · AI score 6.7 · EPSS 0.00191
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/05 12:0 a.m. · 6 views

CVE-2024-57084

A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

AI score 6.7 · EPSS 0.00191
Exploits: 0 · References: 1

Github Security Blog
added 2025/01/30 7:28 p.m. · 4 views

Soundness issue with Plonky2 look up tables

Impact: Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f unless its length happens to be divisible by 26. The cause of problem is that the...

CVSS 8.6 · AI score 6.6 · EPSS 0.00119
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2025/01/30 7:28 p.m. · 1 views

GHSA-HJ49-H7FQ-PX5H Soundness issue with Plonky2 look up tables

Impact: Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f unless its length happens to be divisible by 26. The cause of problem is that the...

CVSS 8.6 · AI score 8.4 · EPSS 0.00119
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/10 12:0 a.m. · 4 views

PT-2025-3412 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: A command injection issue was discovered, affecting the reset wifi function through the devname parameter. This allows for potential exploitation. No information is provided about the...

CVSS 6.3 · AI score 7.6 · EPSS 0.0158
Exploits: 1 · References: 4

NVD
added 2024/07/23 3:15 p.m. · 19 views

CVE-2024-41319

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function...

CVSS 9.8 · EPSS 0.50527
Exploits: 2 · References: 2

Positive Technologies
added 2024/07/23 12:0 a.m. · 3 views

PT-2024-5358 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: The issue is related to the cmd parameter in the webcmd function of the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in the operating system...

CVSS 9.8 · AI score 8.2 · EPSS 0.50527
Exploits: 2 · References: 6

NVD
added 2024/07/22 2:15 p.m. · 15 views

CVE-2024-41318

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcliwpsgenpincode function...

CVSS 9.8 · EPSS 0.03043
Exploits: 1 · References: 2

NVD
added 2024/07/22 2:15 p.m. · 12 views

CVE-2024-41314

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vifdisable function...

CVSS 6.8 · EPSS 0.00234
Exploits: 1 · References: 2

NVD
added 2024/07/22 2:15 p.m. · 13 views

CVE-2024-41316

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclicancelwps function...

CVSS 9.8 · EPSS 0.0235
Exploits: 1 · References: 2

NVD
added 2024/07/22 2:15 p.m. · 13 views

CVE-2024-41317

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

CVSS 8 · EPSS 0.0061
Exploits: 1 · References: 2

CVE
added 2024/07/22 12:0 a.m. · 33 views

CVE-2024-41315

CVE-2024-41315 affects TOTOLINK A6000R (v1.0.1-B20201211.2000). A command‑injection vulnerability exists in the function handle path apcli_do_enr_pin_wps via the ifname parameter. Public sources describe that an attacker can exploit this to achieve arbitrary command execution. Several connected r...

CVSS 6.8 · AI score 7.8 · EPSS 0.00234
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/07/22 12:0 a.m. · 15 views

CVE-2024-41314

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vifdisable function...

AI score 8 · EPSS 0.00234
Exploits: 1 · References: 2

Cvelist
added 2024/07/22 12:0 a.m. · 13 views

CVE-2024-41317

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclidoenrpbcwps function...

EPSS 0.0061
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/22 12:0 a.m. · 3 views

PT-2024-8129 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: The issue is related to the apcli cancel wps function in the TOTOLINK A6000R router's firmware, which fails to neutralize special elements used in an operating system command. This ca...

CVSS 10 · AI score 8.2 · EPSS 0.0235
Exploits: 1 · References: 6

Cvelist
added 2024/07/22 12:0 a.m. · 12 views

CVE-2024-41316

TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apclicancelwps function...

EPSS 0.0235
Exploits: 1 · References: 2