Total
305738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6069 | 2025-07-07 | N/A | 4.3 MEDIUM | ||
| The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service. | |||||
| CVE-2022-23302 | 5 Apache, Broadcom, Netapp and 2 more | 26 Log4j, Brocade Sannav, Snapmanager and 23 more | 2025-07-07 | 6.0 MEDIUM | 8.8 HIGH |
| JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||
| CVE-2024-56810 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2024-56811 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2025-25928 | 1 Openmrs | 1 Openmrs | 2025-07-07 | N/A | 8.0 HIGH |
| A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an administrative role by leveraging the CSRF vulnerability at the /admin/users/user.form endpoint. | |||||
| CVE-2024-56812 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 3.3 LOW |
| IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | |||||
| CVE-2024-57046 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-07-07 | N/A | 8.8 HIGH |
| A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication. | |||||
| CVE-2024-52702 | 1 Mybb | 1 Mybb | 2025-07-07 | N/A | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. | |||||
| CVE-2024-52726 | 1 Crmeb | 1 Crmeb | 2025-07-07 | N/A | 7.5 HIGH |
| CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information | |||||
| CVE-2024-5285 | 1 Tipsandtricks-hq | 1 Wp Affiliate Platform | 2025-07-07 | N/A | 5.5 MEDIUM |
| The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack | |||||
| CVE-2024-52871 | 1 Flagsmith | 1 Flagsmith | 2025-07-07 | N/A | 7.5 HIGH |
| In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting. | |||||
| CVE-2024-52872 | 1 Flagsmith | 1 Flagsmith | 2025-07-07 | N/A | 7.5 HIGH |
| In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions. | |||||
| CVE-2024-53384 | 1 Egoist | 1 Tsup | 2025-07-07 | N/A | 5.1 MEDIUM |
| A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjs_shims.js components | |||||
| CVE-2024-53387 | 1 Umeditor Project | 1 Umeditor | 2025-07-07 | N/A | 8.8 HIGH |
| A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element. | |||||
| CVE-2024-53388 | 1 Mavo | 1 Mavo | 2025-07-07 | N/A | 8.8 HIGH |
| A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element. | |||||
| CVE-2024-35287 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 6.7 MEDIUM |
| A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (9.8.1.5) could allow an authenticated attacker with administrative privilege to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | |||||
| CVE-2024-35286 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 9.8 CRITICAL |
| A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. | |||||
| CVE-2024-35285 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 9.8 CRITICAL |
| A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. | |||||
| CVE-2024-53619 | 1 Spip | 1 Spip | 2025-07-07 | N/A | 6.3 MEDIUM |
| An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
| CVE-2024-35314 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-07-07 | N/A | 9.8 CRITICAL |
| A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts. | |||||