Total
5406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51820 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2025-06-20 | 6.8 Medium |
| An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | ||||
| CVE-2024-23750 | 1 Deepwisdom | 1 Metagpt | 2025-06-20 | 8.8 High |
| MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | ||||
| CVE-2024-31648 | 1 Munyweki | 1 Insurance Management System | 2025-06-20 | 6.1 Medium |
| Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2. | ||||
| CVE-2024-56072 | 1 Pavel-odintsov | 1 Fastnetmon | 2025-06-20 | 7.5 High |
| An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples. | ||||
| CVE-2024-37773 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | 4.8 Medium |
| An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. | ||||
| CVE-2024-38396 | 1 Iterm2 | 1 Iterm2 | 2025-06-20 | 9.8 Critical |
| An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395. | ||||
| CVE-2025-47916 | 1 Invisioncommunity | 2 Invision Power Board, Invisioncommunity | 2025-06-20 | 10 Critical |
| Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings. | ||||
| CVE-2023-46226 | 1 Apache | 1 Iotdb | 2025-06-20 | 9.8 Critical |
| Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | ||||
| CVE-2023-22526 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-06-20 | 8.8 High |
| This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program | ||||
| CVE-2025-1155 | 1 Webkul | 1 Qloapps | 2025-06-20 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term. | ||||
| CVE-2025-1114 | 1 Newbee-mall Project | 1 Newbee-mall | 2025-06-20 | 3.5 Low |
| A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2023-32383 | 1 Apple | 1 Macos | 2025-06-20 | 7.8 High |
| This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode. | ||||
| CVE-2025-5886 | 1 Emlog | 1 Emlog | 2025-06-20 | 3.5 Low |
| A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29058 | 1 Qimou Cms Project | 1 Qimou Cms | 2025-06-19 | 9.8 Critical |
| An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component. | ||||
| CVE-2024-38395 | 1 Iterm2 | 1 Iterm2 | 2025-06-18 | 9.8 Critical |
| In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable." | ||||
| CVE-2024-42936 | 1 Ruijie | 2 Reyee Os, Rg-ew300n | 2025-06-18 | 9.8 Critical |
| The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. | ||||
| CVE-2025-5420 | 1 Juzaweb | 1 Cms | 2025-06-18 | 3.5 Low |
| A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-38243 | 1 Xunruicms | 1 Xunruicms | 2025-06-18 | 9.8 Critical |
| xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | ||||
| CVE-2025-32106 | 1 Audiocodes | 6 Mp-112, Mp-112 Firmware, Mp-114 and 3 more | 2025-06-18 | 9.8 Critical |
| In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code. | ||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2025-06-17 | 5.4 Medium |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||