Total
860 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-50658 | 1 Ipublishmedia | 1 Adportal | 2025-06-24 | N/A | 9.8 CRITICAL |
A Server-Side Template Injection (SSTI) vulnerability in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in the updateuserinfo.html file. | |||||
CVE-2025-49132 | | | 2025-06-23 | N/A | 10.0 CRITICAL |
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack. | |||||
CVE-2025-6512 | | | 2025-06-23 | N/A | 10.0 CRITICAL |
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights. | |||||
CVE-2024-42733 | 1 Docmosis | 1 Tornado | 2025-06-23 | N/A | 9.8 CRITICAL |
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input. | |||||
CVE-2025-44022 | 1 Vvveb | 1 Vvveb | 2025-06-23 | N/A | 9.8 CRITICAL |
An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. | |||||
CVE-2024-40446 | 1 Ctan | 1 Mimetex | 2025-06-23 | N/A | 9.8 CRITICAL |
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script. | |||||
CVE-2025-28386 | 1 Openc3 | 1 Cosmos | 2025-06-23 | N/A | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. | |||||
CVE-2024-38396 | 1 Iterm2 | 1 Iterm2 | 2025-06-20 | N/A | 9.8 CRITICAL |
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395. | |||||
CVE-2025-47916 | 1 Invisioncommunity | 1 Invisioncommunity | 2025-06-20 | N/A | 10.0 CRITICAL |
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller (file: /applications/core/modules/front/system/themeeditor.php), where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content parameter to the Theme::makeProcessFunction() method; hence it is evaluated by the template engine. Accordingly, this can be exploited by unauthenticated attackers to inject and execute arbitrary PHP code by providing crafted template strings. | |||||
CVE-2023-46226 | 1 Apache | 1 Iotdb | 2025-06-20 | N/A | 9.8 CRITICAL |
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | |||||
CVE-2025-29058 | 1 Qimou Cms Project | 1 Qimou Cms | 2025-06-19 | N/A | 9.8 CRITICAL |
An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component. | |||||
CVE-2024-38395 | 1 Iterm2 | 1 Iterm2 | 2025-06-18 | N/A | 9.8 CRITICAL |
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable." | |||||
CVE-2024-42936 | 1 Ruijie | 2 Reyee Os, Rg-ew300n | 2025-06-18 | N/A | 9.8 CRITICAL |
mqlink.elf, a service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422, is vulnerable to Remote Code Execution via a modified MQTT broker message. | |||||
CVE-2021-38243 | 1 Xunruicms | 1 Xunruicms | 2025-06-18 | N/A | 9.8 CRITICAL |
xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | |||||
CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-06-18 | N/A | 9.8 CRITICAL |
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | |||||
CVE-2025-32106 | 1 Audiocodes | 6 Mp-112, Mp-112 Firmware, Mp-114 and 3 more | 2025-06-18 | N/A | 9.8 CRITICAL |
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code. | |||||
CVE-2024-29500 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | |||||
CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | |||||
CVE-2024-29937 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-06-17 | N/A | 9.8 CRITICAL |
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | |||||
CVE-2023-50488 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. |