MatJosephs/CVEs

Releases0

Stars3

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-56463 ↗	Sep 26, 2025Friday, 26 September 2025, 16:15	6.8 MEDIUM	—
Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure.
CVE-2025-55618 ↗	Aug 27, 2025Wednesday, 27 August 2025, 20:15	7.3 HIGH	—
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
CVE-2025-52358 ↗	Jul 29, 2025Tuesday, 29 July 2025, 14:15	6.3 MEDIUM	—
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's browser session.
CVE-2024-51431 ↗	Nov 1, 2024Friday, 1 November 2024, 17:15	9.8 CRITICAL	—
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
CVE-2024-51432 ↗	Nov 1, 2024Friday, 1 November 2024, 16:15	4.8 MEDIUM	—
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized
CVE-2023-48928 ↗	Dec 8, 2023Friday, 8 December 2023, 05:15	6.1 MEDIUM	—
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
CVE-2023-48929 ↗	Dec 8, 2023Friday, 8 December 2023, 05:15	9.8 CRITICAL	—
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.