Total
307508 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51590 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22080. | |||||
| CVE-2025-27751 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-1769 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-07-09 | N/A | 4.9 MEDIUM |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information. | |||||
| CVE-2023-51591 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 7.5 HIGH |
| Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of LOCAL SERVICE. Was ZDI-CAN-22081. | |||||
| CVE-2025-27750 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-27749 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2023-51593 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Struts2 dependency. The issue results from the use of a library that is vulnerable to expression language injection. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22095. | |||||
| CVE-2023-51595 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the selectDeviceListBy method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22163. | |||||
| CVE-2025-27748 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2023-51575 | 1 Voltronicpower | 1 Viewpower | 2025-07-09 | N/A | 9.8 CRITICAL |
| Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22011. | |||||
| CVE-2025-26642 | 1 Microsoft | 7 365 Apps, Access, Excel and 4 more | 2025-07-09 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-1911 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-07-09 | N/A | 2.7 LOW |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | |||||
| CVE-2025-29795 | 1 Microsoft | 1 Edge Update | 2025-07-09 | N/A | 7.8 HIGH |
| Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-25000 | 1 Microsoft | 1 Edge Chromium | 2025-07-09 | N/A | 8.8 HIGH |
| Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-25001 | 1 Microsoft | 1 Edge | 2025-07-09 | N/A | 4.3 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29796 | 1 Microsoft | 1 Edge | 2025-07-09 | N/A | 4.7 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29815 | 1 Microsoft | 1 Edge Chromium | 2025-07-09 | N/A | 7.6 HIGH |
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47977 | 1 Microsoft | 1 Nuance Digital Engagement Platform | 2025-07-09 | N/A | 8.2 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-47969 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2025-07-09 | N/A | 4.4 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-1912 | 1 Webtoffee | 1 Product Import Export For Woocommerce | 2025-07-09 | N/A | 7.6 HIGH |
| The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file() Function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | |||||