Total
299070 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6636 | 1 Wpsoul | 1 Greenshift | 2025-06-10 | N/A | 7.2 HIGH |
| The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-44005 | 1 Wpsoul | 1 Greenshift | 2025-06-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.3.7. | |||||
| CVE-2025-2703 | 2025-06-10 | N/A | 6.8 MEDIUM | ||
| The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. | |||||
| CVE-2024-12397 | 2025-06-10 | N/A | 7.4 HIGH | ||
| A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. | |||||
| CVE-2024-13917 | 2025-06-10 | N/A | N/A | ||
| An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.pri.applock.LockUI“ activity allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. One must know the protecting PIN number (it might be revealed by exploiting CVE-2024-13916) or ask the user to provide it. Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. Application update was released in April 2025. | |||||
| CVE-2024-13916 | 2025-06-10 | N/A | N/A | ||
| An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using user-provided PIN code or by using biometric data. Exposed ”com.android.providers.settings.fingerprint.PriFpShareProvider“ content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code. Only version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability. Application update was released in April 2025. | |||||
| CVE-2025-5945 | 2025-06-10 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2024-45479 | 1 Apache | 1 Ranger | 2025-06-10 | N/A | 9.1 CRITICAL |
| SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. | |||||
| CVE-2024-45478 | 1 Apache | 1 Ranger | 2025-06-10 | N/A | 4.8 MEDIUM |
| Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. | |||||
| CVE-2024-13915 | 2025-06-10 | N/A | N/A | ||
| Android based smartphones from vendors such as Ulefone and Krüger&Matz contain "com.pri.factorytest" application preloaded onto devices during manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a ”com.pri.factorytest.emmc.FactoryResetService“ service allowing any application to perform a factory reset of the device. Application update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and April 2025 (Krüger&Matz). | |||||
| CVE-2024-6807 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-06-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-2318 | 1 Zkteco | 1 Zkbio Media | 2025-06-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2020-7533 | 1 Schneider-electric | 32 140cpu65260, 140cpu65260 Firmware, 140noc77101 and 29 more | 2025-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | |||||
| CVE-2024-55595 | 2025-06-10 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2024-31040 | 1 Emqx | 1 Nanomq | 2025-06-10 | N/A | 2.7 LOW |
| Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a denial of service via a series of specially crafted hexstreams. | |||||
| CVE-2024-31041 | 1 Emqx | 1 Nanomq | 2025-06-10 | N/A | 7.5 HIGH |
| Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. | |||||
| CVE-2024-31583 | 1 Linuxfoundation | 1 Pytorch | 2025-06-10 | N/A | 7.8 HIGH |
| Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp. | |||||
| CVE-2024-31750 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. | |||||
| CVE-2024-31036 | 1 Emqx | 1 Nanomq | 2025-06-10 | N/A | 6.8 MEDIUM |
| A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service via transmission of crafted hexstreams. | |||||
| CVE-2024-3075 | 1 Mmilan81 | 1 Mm-email2image | 2025-06-10 | N/A | 8.1 HIGH |
| The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | |||||