Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-5675
Campcodes Online Teacher Record Management System bwdates-reports-details.php sql injection
Description: A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in Campcodes Online Teacher Record Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /trms/admin/bwdates-reports-details.php. Mittels Manipulieren des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (7.3)

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2025-5672
TOTOLINK N302R Plus HTTP POST Request formFilter buffer overflow
Description: A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In TOTOLINK N302R Plus bis 3.4.0-B20201028 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /boafrm/formFilter der Komponente HTTP POST Request Handler. Durch Manipulation des Arguments url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.8)

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2025-5671
TOTOLINK N302R Plus HTTP POST Request formPortFw buffer overflow
Description: A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in TOTOLINK N302R Plus bis 3.4.0-B20201028 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /boafrm/formPortFw der Komponente HTTP POST Request Handler. Durch die Manipulation des Arguments service_type mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.8)

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2024-24399
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the...
Description: An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.

CVSS: HIGH (7.2)

EPSS Score: 0.98%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2024-24311
Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version...
Description: Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction.

CVSS: HIGH (7.5)

EPSS Score: 0.12%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2024-24266
gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.
Description: gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.

CVSS: HIGH (7.5)

EPSS Score: 0.17%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2024-24258
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
Description: freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

CVSS: HIGH (7.5)

EPSS Score: 0.2%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (about 12 hours ago)

CVE-2024-22919
swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.
Description: swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (about 14 hours ago)

CVE-2024-22911
A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.
Description: A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (about 14 hours ago)

CVE-2024-22895
DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.
Description: DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (about 14 hours ago)