Total
307439 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16640 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-07-09 | N/A | 7.5 HIGH |
| An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow an attacker to upload any file to the gateway. This affects EG-2000SE EG_RGOS 11.9 B11P1. | |||||
| CVE-2019-16639 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-07-09 | N/A | 9.8 CRITICAL |
| An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access) to use TELNET commands and/or show admin passwords via the mode_url=exec&command= substring. This affects EG-2000SE EG_RGOS 11.9 B11P1. | |||||
| CVE-2023-51581 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22034. | |||||
| CVE-2023-51582 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LinuxMonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22035. | |||||
| CVE-2019-16641 | 1 Ruijie | 2 Eg-2000se, Eg-2000se Firmware | 2025-07-09 | N/A | 8.4 HIGH |
| An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing its password. This affects EG-2000SE EG_RGOS 11.1(1)B1. | |||||
| CVE-2023-51583 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpsScheduler class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22036. | |||||
| CVE-2023-51584 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 8.8 HIGH |
| Voltronic Power ViewPower USBCommEx shutdown Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation. The specific flaw exists within the shutdown method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22065. | |||||
| CVE-2025-29816 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-09 | N/A | 7.5 HIGH |
| Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2023-51585 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 8.8 HIGH |
| Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation. The specific flaw exists within the shutdown method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22071. | |||||
| CVE-2024-40394 | 1 Oretnom23 | 1 Simple Library Management System | 2025-07-09 | N/A | 9.8 CRITICAL |
| Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php. | |||||
| CVE-2025-29794 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2023-51586 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectEventConfig method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22072. | |||||
| CVE-2025-29793 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 7.2 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2023-51587 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 7.5 HIGH |
| Voltronic Power ViewPower getModbusPassword Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getModbusPassword method. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22073. | |||||
| CVE-2025-29792 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.3 HIGH |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29791 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2023-51588 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 7.8 HIGH |
| Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of a MySQL instance. The issue results from hardcoded database credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22075. | |||||
| CVE-2025-27752 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2023-51590 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22080. | |||||
| CVE-2025-27751 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||