Total
4889 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42936 | 1 Ruijie | 2 Reyee Os, Rg-ew300n | 2025-06-18 | 9.8 Critical |
| The mqlink.elf is service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerable to Remote Code Execution via a modified MQTT broker message. | ||||
| CVE-2025-5420 | 1 Juzaweb | 1 Cms | 2025-06-18 | 3.5 Low |
| A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2021-38243 | 1 Xunruicms | 1 Xunruicms | 2025-06-18 | 9.8 Critical |
| xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | ||||
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-06-18 | 9.8 Critical |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | ||||
| CVE-2025-32106 | 1 Audiocodes | 6 Mp-112, Mp-112 Firmware, Mp-114 and 3 more | 2025-06-18 | 9.8 Critical |
| In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code. | ||||
| CVE-2023-5800 | 1 Axis | 3 Axis Os, Axis Os 2020, Axis Os 2022 | 2025-06-17 | 5.4 Medium |
| Vintage, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API create_overlay.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2023-5677 | 1 Axis | 22 M3024-lve, M3024-lve Firmware, M3025-ve and 19 more | 2025-06-17 | 6.3 Medium |
| Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2021-22282 | 1 Br-automation | 1 Automation Studio | 2025-06-17 | 8.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code.This issue affects Automation Studio: from 4.0 through 4.12. | ||||
| CVE-2024-0252 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-06-17 | 8.8 High |
| ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | ||||
| CVE-2024-30845 | 1 Rainbow External Link Network Disk Project | 1 Rainbow External Link Network Disk | 2025-06-17 | 6.1 Medium |
| Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | ||||
| CVE-2023-6494 | 1 Wpclever | 1 Wpc Smart Quick View For Woocommerce | 2025-06-17 | 4.4 Medium |
| The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-29500 | 2 Inteset, Secure Lockdown | 2 Secure Lockdown, Multi Application Edition | 2025-06-17 | 9.8 Critical |
| An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | ||||
| CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | 9.8 Critical |
| An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | ||||
| CVE-2024-26362 | 3 Enpass, Linux, Microsoft | 4 Desktop Application, Password Manager, Linux Kernel and 1 more | 2025-06-17 | 8.8 High |
| HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | ||||
| CVE-2024-29937 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-06-17 | 9.8 Critical |
| NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | ||||
| CVE-2024-29399 | 1 Gnu | 1 Savane | 2025-06-17 | 7.6 High |
| An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | ||||
| CVE-2024-25376 | 1 Thesycon | 2 Kg Tusbaudio Msi Based Installers, Tusbaudio | 2025-06-17 | 7.8 High |
| An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | ||||
| CVE-2025-6131 | 2025-06-17 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5507 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-06-17 | 2.4 Low |
| A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5506 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2025-06-17 | 2.4 Low |
| A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||