Total
302515 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25365 | 1 Octobercms | 1 October | 2025-06-17 | N/A | 7.8 HIGH |
| Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | |||||
| CVE-2023-25295 | 1 Gruen | 1 Evewa3 | 2025-06-17 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel. | |||||
| CVE-2022-47072 | 1 Sparxsystems | 1 Enterprise Architect | 2025-06-17 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.. | |||||
| CVE-2020-26624 | 1 Gilacms | 1 Gila Cms | 2025-06-17 | N/A | 3.8 LOW |
| A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | |||||
| CVE-2020-13878 | 1 Irfanview | 1 B3d | 2025-06-17 | N/A | 9.8 CRITICAL |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | |||||
| CVE-2024-33791 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 4.6 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | |||||
| CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
| CVE-2024-33793 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 5.3 MEDIUM |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | |||||
| CVE-2024-31673 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | N/A | 9.8 CRITICAL |
| Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter. | |||||
| CVE-2024-34467 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | N/A | 6.1 MEDIUM |
| ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. | |||||
| CVE-2024-34468 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 6.1 MEDIUM |
| Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. | |||||
| CVE-2024-34469 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 7.1 HIGH |
| Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | |||||
| CVE-2024-34502 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. | |||||
| CVE-2024-28521 | 1 Netentsec | 2 Application Security Gateway Firmware, Ns-asg | 2025-06-17 | N/A | 7.8 HIGH |
| SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component. | |||||
| CVE-2024-28441 | 1 Magicflue | 1 Magicflue | 2025-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. | |||||
| CVE-2024-29273 | 1 Dzzoffice | 1 Dzzoffice | 2025-06-17 | N/A | 6.1 MEDIUM |
| There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | |||||
| CVE-2025-46567 | 1 Hiyouga | 1 Llama-factory | 2025-06-17 | N/A | 6.1 MEDIUM |
| LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0. | |||||
| CVE-2025-46568 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-06-17 | N/A | 7.5 HIGH |
| Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0. | |||||
| CVE-2025-3517 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | N/A | 6.3 MEDIUM |
| Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | |||||
| CVE-2025-4178 | 2 Microsoft, Xiaowei1118 | 2 Windows, Java Server | 2025-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||