Total
302532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26624 | 1 Gilacms | 1 Gila Cms | 2025-06-17 | N/A | 3.8 LOW |
| A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | |||||
| CVE-2020-13878 | 1 Irfanview | 1 B3d | 2025-06-17 | N/A | 9.8 CRITICAL |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | |||||
| CVE-2024-33791 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 4.6 MEDIUM |
| A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | |||||
| CVE-2024-33792 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | |||||
| CVE-2024-33793 | 1 Netis-systems | 2 Mex605, Mex605 Firmware | 2025-06-17 | N/A | 5.3 MEDIUM |
| netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | |||||
| CVE-2024-31673 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | N/A | 9.8 CRITICAL |
| Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter. | |||||
| CVE-2024-34467 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | N/A | 6.1 MEDIUM |
| ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. | |||||
| CVE-2024-34468 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 6.1 MEDIUM |
| Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. | |||||
| CVE-2024-34469 | 1 Rukovoditel | 1 Rukovoditel | 2025-06-17 | N/A | 7.1 HIGH |
| Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. | |||||
| CVE-2024-34502 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to the to-id, even if the request was not a POST request, and even if it does not contain an edit token. | |||||
| CVE-2024-28521 | 1 Netentsec | 2 Application Security Gateway Firmware, Ns-asg | 2025-06-17 | N/A | 7.8 HIGH |
| SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component. | |||||
| CVE-2024-28441 | 1 Magicflue | 1 Magicflue | 2025-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. | |||||
| CVE-2024-29273 | 1 Dzzoffice | 1 Dzzoffice | 2025-06-17 | N/A | 6.1 MEDIUM |
| There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document. | |||||
| CVE-2025-46567 | 1 Hiyouga | 1 Llama-factory | 2025-06-17 | N/A | 6.1 MEDIUM |
| LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script performs insecure deserialization using `torch.load()` on user-supplied `.bin` files from an input directory. An attacker can exploit this behavior by crafting a malicious `.bin` file that executes arbitrary commands during deserialization. This issue has been patched in version 1.0.0. | |||||
| CVE-2025-46568 | 1 Stirlingpdf | 1 Stirling Pdf | 2025-06-17 | N/A | 7.5 HIGH |
| Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0. | |||||
| CVE-2025-3517 | 1 Devolutions | 1 Devolutions Server | 2025-06-17 | N/A | 6.3 MEDIUM |
| Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username. | |||||
| CVE-2025-4178 | 2 Microsoft, Xiaowei1118 | 2 Windows, Java Server | 2025-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-3927 | 1 Digigram | 1 Pyko-out | 2025-06-17 | N/A | 9.8 CRITICAL |
| Digigram's PYKO-OUT audio-over-IP (AoIP) web-server does not require a password by default, allowing any attacker with the target IP address to connect and compromise the device, potentially pivoting to connected network or hardware devices. | |||||
| CVE-2023-41099 | 1 Atos | 1 Eviden Cardos Api | 2025-06-17 | N/A | 7.8 HIGH |
| In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM). | |||||
| CVE-2025-4215 | 2 Debian, Ublockorigin | 2 Debian Linux, Ublock Origin | 2025-06-17 | 2.6 LOW | 3.1 LOW |
| A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b17 is able to address this issue. The patch is identified as eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to upgrade the affected component. | |||||