Export limit exceeded: 337654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29502 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | 6.5 Medium |
| An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | ||||
| CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | 9.8 Critical |
| An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | ||||
| CVE-2024-26362 | 3 Enpass, Linux, Microsoft | 4 Desktop Application, Password Manager, Linux Kernel and 1 more | 2025-06-17 | 8.8 High |
| HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | ||||
| CVE-2024-29504 | 1 Summernote | 1 Summernote | 2025-06-17 | 7.6 High |
| Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter. | ||||
| CVE-2024-27683 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-17 | 9.8 Critical |
| D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerablilify. | ||||
| CVE-2024-29937 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-06-17 | 9.8 Critical |
| NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | ||||
| CVE-2024-30884 | 2 Codersclub, Discuz | 2 Discuz\!ml, Discuzx | 2025-06-17 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | ||||
| CVE-2024-29399 | 1 Gnu | 1 Savane | 2025-06-17 | 7.6 High |
| An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | ||||
| CVE-2024-30915 | 1 Objectcomputing | 1 Opendds | 2025-06-17 | 4.3 Medium |
| An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. | ||||
| CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2025-06-17 | 5.5 Medium |
| An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | ||||
| CVE-2023-32295 | 1 Easyappointments | 1 Easy\!appointments | 2025-06-17 | 6.3 Medium |
| Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3. | ||||
| CVE-2024-25376 | 1 Thesycon | 2 Kg Tusbaudio Msi Based Installers, Tusbaudio | 2025-06-17 | 7.8 High |
| An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | ||||
| CVE-2024-25852 | 1 Linksys | 2 Re7000, Re7000 Firmware | 2025-06-17 | 8.8 High |
| Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. | ||||
| CVE-2025-49842 | 2025-06-17 | N/A | ||
| conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24. | ||||
| CVE-2025-49823 | 2025-06-17 | 0 Low | ||
| (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3. | ||||
| CVE-2025-3774 | 2025-06-17 | 7.2 High | ||
| The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-49849 | 2025-06-17 | N/A | ||
| An Out-of-bounds Read vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. | ||||
| CVE-2025-49848 | 2025-06-17 | N/A | ||
| An Out-of-bounds Write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. | ||||
| CVE-2025-49452 | 2025-06-17 | 9.3 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3. | ||||
| CVE-2025-49234 | 2025-06-17 | 6.5 Medium | ||
| Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Dummy Content Generator: from n/a through 3.4.6. | ||||