Total
298807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25830 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | |||||
| CVE-2024-27719 | 1 Rems | 1 Faq Management System | 2025-06-10 | N/A | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attacker to obtain sensitive information via a crafted payload to the Frequently Asked Question field in the Add FAQ function. | |||||
| CVE-2025-5334 | 2025-06-10 | N/A | 7.5 HIGH | ||
| Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to private personal information. Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users. This issue affects the following versions : * Remote Desktop Manager Windows 2025.1.34.0 and earlier * Remote Desktop Manager macOS 2025.1.16.3 and earlier * Remote Desktop Manager Android 2025.1.3.3 and earlier * Remote Desktop Manager iOS 2025.1.6.0 and earlier | |||||
| CVE-2023-51761 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | N/A | 8.3 HIGH |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could bypass authentication and acquire admin capabilities. | |||||
| CVE-2023-43609 | 1 Emerson | 6 Gc1500xa, Gc1500xa Firmware, Gc370xa and 3 more | 2025-06-10 | N/A | 6.9 MEDIUM |
| In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. | |||||
| CVE-2024-48231 | 1 Funadmin | 1 Funadmin | 2025-06-10 | N/A | 7.2 HIGH |
| Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \backend\controller\auth\Auth.php. | |||||
| CVE-2024-48424 | 1 Assimp | 1 Assimp | 2025-06-10 | N/A | 5.5 MEDIUM |
| A heap-buffer-overflow vulnerability has been identified in the OpenDDLParser::parseStructure function within the Assimp library, specifically during the processing of OpenGEX files. | |||||
| CVE-2024-48425 | 1 Assimp | 1 Assimp | 2025-06-10 | N/A | 5.5 MEDIUM |
| A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMeshesProcess_Triangle::UpdateNode function within the Assimp library during fuzz testing using AddressSanitizer. The crash occurs due to a read access violation at address 0x000000000460, which points to the zero page, indicating a null or invalid pointer dereference. | |||||
| CVE-2024-48228 | 1 Funadmin | 1 Funadmin | 2025-06-10 | N/A | 6.1 MEDIUM |
| An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS). | |||||
| CVE-2024-48178 | 1 Newbee-mall Project | 1 Newbee-mall | 2025-06-10 | N/A | 8.1 HIGH |
| newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter. | |||||
| CVE-2024-33809 | 1 Pingcap | 1 Tidb | 2025-06-10 | N/A | 6.5 MEDIUM |
| PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks. | |||||
| CVE-2024-35110 | 1 Yzmcms | 1 Yzmcms | 2025-06-10 | N/A | 5.5 MEDIUM |
| A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker. | |||||
| CVE-2024-36528 | 1 Nukeviet | 1 Nukeviet | 2025-06-10 | N/A | 8.8 HIGH |
| nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability which results in code execution via /admin/extensions/download.php and /admin/extensions/upload.php. | |||||
| CVE-2024-36531 | 1 Nukeviet | 1 Nukeviet | 2025-06-10 | N/A | 5.7 MEDIUM |
| nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code execution via the /admin/extensions/upload.php component. | |||||
| CVE-2025-48432 | 2025-06-10 | N/A | 4.0 MEDIUM | ||
| An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems. | |||||
| CVE-2024-31613 | 1 Bosscms | 1 Bosscms | 2025-06-10 | N/A | 5.4 MEDIUM |
| BOSSCMS v3.10 is vulnerable to Cross Site Request Forgery (CSRF) in name="head_code" or name="foot_code." | |||||
| CVE-2024-37840 | 1 Itsourcecode | 1 Learning Management System | 2025-06-10 | N/A | 8.8 HIGH |
| SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. | |||||
| CVE-2024-33300 | 1 Typora | 1 Typora | 2025-06-10 | N/A | 7.3 HIGH |
| Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | |||||
| CVE-2024-34401 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2025-06-10 | N/A | 6.1 MEDIUM |
| Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | |||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2025-06-10 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | |||||