Total
301389 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37821 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-06-13 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. | |||||
| CVE-2024-33900 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-21733 | 1 Apache | 1 Tomcat | 2025-06-13 | N/A | 5.3 MEDIUM |
| Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. | |||||
| CVE-2023-52115 | 1 Huawei | 1 Harmonyos | 2025-06-13 | N/A | 7.5 HIGH |
| The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions. | |||||
| CVE-2023-52074 | 1 Flycms Project | 1 Flycms | 2025-06-13 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | |||||
| CVE-2023-0224 | 1 Givewp | 1 Givewp | 2025-06-13 | N/A | 9.8 CRITICAL |
| The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks | |||||
| CVE-2022-4976 | 2025-06-13 | N/A | 9.8 CRITICAL | ||
| Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141. | |||||
| CVE-2024-33901 | 1 Keepassxc | 1 Keepassxc | 2025-06-13 | N/A | 6.5 MEDIUM |
| Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this unavoidable in the current design and other realistic designs. | |||||
| CVE-2024-32407 | 1 Inducer | 1 Relate | 2025-06-13 | N/A | 8.8 HIGH |
| An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. | |||||
| CVE-2024-32405 | 1 Inducer | 1 Relate | 2025-06-13 | N/A | 2.6 LOW |
| Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function. | |||||
| CVE-2024-50849 | 1 Rws | 1 Worldserver | 2025-06-13 | N/A | 4.8 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. | |||||
| CVE-2025-26013 | 1 Olajowon | 1 Loggrove | 2025-06-13 | N/A | 8.2 HIGH |
| An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component. | |||||
| CVE-2025-26014 | 1 Olajowon | 1 Loggrove | 2025-06-13 | N/A | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. | |||||
| CVE-2025-45752 | 1 Seeddms | 1 Seeddms | 2025-06-13 | N/A | 7.2 HIGH |
| A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. | |||||
| CVE-2024-57529 | 1 Jeppesen | 1 Jetplanner | 2025-06-13 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code. | |||||
| CVE-2025-28099 | 1 Fumiao | 1 Opencms | 2025-06-13 | N/A | 4.3 MEDIUM |
| opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp, | |||||
| CVE-2025-48068 | 2025-06-13 | N/A | N/A | ||
| Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 14.2.30 and 15.0.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the dev server was running with the App Router enabled. The vulnerability only affects local development environments and requires the user to visit a malicious webpage while npm run dev is active. This issue has been patched in versions 14.2.30 and 15.2.2. | |||||
| CVE-2022-41572 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-06-13 | N/A | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. | |||||
| CVE-2024-22893 | 1 Openslides | 1 Openslides | 2025-06-13 | N/A | 7.5 HIGH |
| OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack. | |||||
| CVE-2024-37759 | 1 Datagear | 1 Datagear | 2025-06-13 | N/A | 9.8 CRITICAL |
| DataGear v5.0.0 and earlier was discovered to contain a SpEL (Spring Expression Language) expression injection vulnerability via the Data Viewing interface. | |||||