Total
305920 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47223 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 9.4 CRITICAL |
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | |||||
| CVE-2024-47189 | 1 Mitel | 1 Micollab | 2025-07-07 | N/A | 7.7 HIGH |
| The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to insufficient sanitization of user input. A successful exploit could allow an attacker with knowledge of specific details to access non-sensitive user provisioning information and execute arbitrary SQL database commands. | |||||
| CVE-2024-54169 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 6.5 MEDIUM |
| IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2024-54170 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 5.5 MEDIUM |
| IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles. | |||||
| CVE-2024-54171 | 3 Ibm, Linux, Microsoft | 3 Entirex, Linux Kernel, Windows | 2025-07-07 | N/A | 7.1 HIGH |
| IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | |||||
| CVE-2024-54957 | 1 Nagios | 1 Nagios Xi | 2025-07-07 | N/A | 6.1 MEDIUM |
| Nagios XI 2024R1.2.2 is vulnerable to an open redirect flaw on the Tools page, exploitable by users with read-only permissions. This vulnerability allows an attacker to craft a malicious link that redirects users to an arbitrary external URL without their consent. | |||||
| CVE-2024-54960 | 1 Nagios | 1 Nagios Xi | 2025-07-07 | N/A | 6.5 MEDIUM |
| A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component. | |||||
| CVE-2024-55160 | 1 G-fast | 1 Gfast | 2025-07-07 | N/A | 9.8 CRITICAL |
| GFast between v2 to v3.2 was discovered to contain a SQL injection vulnerability via the OrderBy parameter at /system/operLog/list. | |||||
| CVE-2021-4457 | 1 Digitalzoomstudio | 1 Zoomsounds | 2025-07-07 | N/A | 9.1 CRITICAL |
| The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server. | |||||
| CVE-2025-25905 | 1 4pace | 1 Cadclick | 2025-07-07 | N/A | 7.1 HIGH |
| Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter. | |||||
| CVE-2025-6658 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 3.3 LOW |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-26733. | |||||
| CVE-2025-6659 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 7.8 HIGH |
| PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PRC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26734. | |||||
| CVE-2024-40090 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 4.3 MEDIUM |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. | |||||
| CVE-2024-40089 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.1 CRITICAL |
| A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. | |||||
| CVE-2024-40088 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 5.3 MEDIUM |
| A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request. | |||||
| CVE-2024-40087 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.6 CRITICAL |
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | |||||
| CVE-2024-40084 | 1 Viloliving | 2 Vilo 5, Vilo 5 Firmware | 2025-07-07 | N/A | 9.6 CRITICAL |
| A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | |||||
| CVE-2025-6660 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A | 7.8 HIGH |
| PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763. | |||||
| CVE-2025-24988 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-07 | N/A | 6.6 MEDIUM |
| Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | |||||
| CVE-2024-48232 | 1 Mipjz Project | 1 Mipjz | 2025-07-07 | N/A | 4.9 MEDIUM |
| An issue was found in mipjz 5.0.5. In the mipPost method of \app\setting\controller\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files. | |||||