Total
4714 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1609 | 1 Weblizar | 1 School Management | 2025-06-02 | N/A | 9.8 CRITICAL |
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | |||||
CVE-2024-28811 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 3.3 LOW |
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. | |||||
CVE-2025-44881 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | |||||
CVE-2021-29505 | 5 Debian, Fedoraproject, Netapp and 2 more | 17 Debian Linux, Fedora, Snapmanager and 14 more | 2025-05-30 | 6.5 MEDIUM | 7.5 HIGH |
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. | |||||
CVE-2022-34715 | 1 Microsoft | 1 Windows Server 2022 | 2025-05-29 | N/A | 9.8 CRITICAL |
Windows Network File System Remote Code Execution Vulnerability | |||||
CVE-2022-34714 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
CVE-2022-35772 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-05-29 | N/A | 7.2 HIGH |
Azure Site Recovery Remote Code Execution Vulnerability | |||||
CVE-2022-35767 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
CVE-2022-35766 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
CVE-2022-35779 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-05-29 | N/A | 7.8 HIGH |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||
CVE-2022-35777 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-05-29 | N/A | 8.8 HIGH |
Visual Studio Remote Code Execution Vulnerability | |||||
CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | |||||
CVE-2023-37518 | 1 Hcltech | 1 Bigfix Servicenow Data Flow | 2025-05-29 | N/A | 6.4 MEDIUM |
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | |||||
CVE-2025-32801 | 2025-05-29 | N/A | 7.8 HIGH | ||
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | |||||
CVE-2022-41138 | 1 Zutty Project | 1 Zutty | 2025-05-29 | N/A | 9.8 CRITICAL |
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. | |||||
CVE-2024-48061 | 1 Langflow | 1 Langflow | 2025-05-28 | N/A | 9.8 CRITICAL |
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | |||||
CVE-2025-28146 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-28 | N/A | 9.8 CRITICAL |
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel | |||||
CVE-2024-50704 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | |||||
CVE-2024-50707 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | |||||
CVE-2025-2061 | 1 Fabianros | 1 Online Ticket Reservation System | 2025-05-28 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |