Total
4711 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-42733 | 1 Docmosis | 1 Tornado | 2025-06-23 | N/A | 9.8 CRITICAL |
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input | |||||
CVE-2025-44022 | 1 Vvveb | 1 Vvveb | 2025-06-23 | N/A | 9.8 CRITICAL |
An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. | |||||
CVE-2025-2123 | 1 Qbnz | 1 Geshi | 2025-06-23 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-40446 | 1 Ctan | 1 Mimetex | 2025-06-23 | N/A | 9.8 CRITICAL |
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script | |||||
CVE-2024-8523 | 1 Lmxcms | 1 Lmxcms | 2025-06-23 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-28386 | 1 Openc3 | 1 Cosmos | 2025-06-23 | N/A | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. | |||||
CVE-2025-3841 | 1 Wix | 1 Jam | 2025-06-23 | 1.7 LOW | 3.3 LOW |
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
CVE-2023-51820 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2025-06-20 | N/A | 6.8 MEDIUM |
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. | |||||
CVE-2024-23750 | 1 Deepwisdom | 1 Metagpt | 2025-06-20 | N/A | 8.8 HIGH |
MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | |||||
CVE-2024-31648 | 1 Munyweki | 1 Insurance Management System | 2025-06-20 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2. | |||||
CVE-2024-56072 | 1 Pavel-odintsov | 1 Fastnetmon | 2025-06-20 | N/A | 7.5 HIGH |
An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples. | |||||
CVE-2024-37773 | 1 Sunbirddcim | 1 Dctrack | 2025-06-20 | N/A | 4.8 MEDIUM |
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. | |||||
CVE-2024-38396 | 1 Iterm2 | 1 Iterm2 | 2025-06-20 | N/A | 9.8 CRITICAL |
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395. | |||||
CVE-2025-47916 | 1 Invisioncommunity | 1 Invisioncommunity | 2025-06-20 | N/A | 10.0 CRITICAL |
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings. | |||||
CVE-2023-46226 | 1 Apache | 1 Iotdb | 2025-06-20 | N/A | 9.8 CRITICAL |
Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | |||||
CVE-2023-22526 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-06-20 | N/A | 8.8 HIGH |
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program | |||||
CVE-2025-1155 | 1 Webkul | 1 Qloapps | 2025-06-20 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term. | |||||
CVE-2025-1114 | 1 Newbee-mall Project | 1 Newbee-mall | 2025-06-20 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
CVE-2023-32383 | 1 Apple | 1 Macos | 2025-06-20 | N/A | 7.8 HIGH |
This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode. | |||||
CVE-2025-5886 | 1 Emlog | 1 Emlog | 2025-06-20 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |