Total
299050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34401 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2025-06-10 | N/A | 6.1 MEDIUM |
| Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | |||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2025-06-10 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | |||||
| CVE-2024-33789 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | |||||
| CVE-2024-27453 | 1 Extremenetworks | 1 Extremexos | 2025-06-10 | N/A | 8.6 HIGH |
| In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). | |||||
| CVE-2024-34462 | 1 Alinto | 1 Sogo | 2025-06-10 | N/A | 6.1 MEDIUM |
| Alinto SOGo through 5.10.0 allows XSS during attachment preview. | |||||
| CVE-2024-34508 | 2 Debian, Offis | 2 Debian Linux, Dcmtk | 2025-06-10 | N/A | 4.3 MEDIUM |
| dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. | |||||
| CVE-2024-31580 | 1 Linuxfoundation | 1 Pytorch | 2025-06-10 | N/A | 4.0 MEDIUM |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2024-35618 | 1 Pingcap | 1 Tidb | 2025-06-10 | N/A | 7.5 HIGH |
| PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer. | |||||
| CVE-2024-35373 | 1 Mocodo | 1 Mocodo Online | 2025-06-10 | N/A | 9.8 CRITICAL |
| Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. | |||||
| CVE-2024-35374 | 1 Mocodo | 1 Mocodo Online | 2025-06-10 | N/A | 9.8 CRITICAL |
| Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions. | |||||
| CVE-2024-34852 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | N/A | 6.3 MEDIUM |
| F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands. | |||||
| CVE-2024-34854 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
| F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.` | |||||
| CVE-2023-36235 | 1 Webkul | 1 Qloapps | 2025-06-10 | N/A | 6.5 MEDIUM |
| An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | |||||
| CVE-2023-30305 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | N/A | 7.5 HIGH |
| An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | |||||
| CVE-2024-28390 | 1 Advancedplugins | 1 Image Toolbox\ | 2025-06-10 | N/A | 9.8 CRITICAL |
| An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control. | |||||
| CVE-2024-26529 | 1 Mz-automation | 1 Libiec61850 | 2025-06-10 | N/A | 7.5 HIGH |
| An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c. | |||||
| CVE-2024-8474 | 1 Openvpn | 1 Connect | 2025-06-10 | N/A | 7.5 HIGH |
| OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic | |||||
| CVE-2024-5594 | 1 Openvpn | 1 Openvpn | 2025-06-10 | N/A | 9.1 CRITICAL |
| OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. | |||||
| CVE-2024-28882 | 1 Openvpn | 1 Openvpn | 2025-06-10 | N/A | 4.3 MEDIUM |
| OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session | |||||
| CVE-2024-28391 | 1 Fmemodules | 1 B2b Quick Order Form | 2025-06-10 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. | |||||