Total
308541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49538 | 1 Adobe | 1 Coldfusion | 2025-07-11 | N/A | 7.4 HIGH |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation of this issue does not require user interaction, and attack must have access to shared secrets. | |||||
| CVE-2024-7572 | 1 Ivanti | 1 Desktop \& Server Management | 2025-07-11 | N/A | 7.1 HIGH |
| Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. | |||||
| CVE-2024-10630 | 1 Ivanti | 2 Application Control, Security Controls | 2025-07-11 | N/A | 7.8 HIGH |
| A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. | |||||
| CVE-2024-13172 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
| Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | |||||
| CVE-2024-13171 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
| Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | |||||
| CVE-2024-13170 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-13169 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
| An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-13168 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-13164 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
| An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-13163 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.8 HIGH |
| Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | |||||
| CVE-2024-13165 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-13166 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-13167 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.5 HIGH |
| An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-13162 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 7.2 HIGH |
| SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | |||||
| CVE-2025-6770 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-11 | N/A | 7.2 HIGH |
| OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution | |||||
| CVE-2025-6771 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-11 | N/A | 7.2 HIGH |
| OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution | |||||
| CVE-2025-6970 | 1 Pixelite | 1 Events Manager | 2025-07-11 | N/A | 7.5 HIGH |
| The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-6975 | 1 Pixelite | 1 Events Manager | 2025-07-11 | N/A | 6.1 MEDIUM |
| The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-6976 | 1 Pixelite | 1 Events Manager | 2025-07-11 | N/A | 6.4 MEDIUM |
| The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-6995 | 1 Ivanti | 1 Endpoint Manager | 2025-07-11 | N/A | 8.4 HIGH |
| Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. | |||||