Total
2183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33775 | 1 Nagios | 1 Nagios Xi | 2025-06-30 | N/A | 9.8 CRITICAL |
| An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | |||||
| CVE-2025-30281 | 1 Adobe | 1 Coldfusion | 2025-06-24 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
| CVE-2024-11698 | 2 Apple, Mozilla | 3 Macos, Firefox, Thunderbird | 2025-06-24 | N/A | 9.8 CRITICAL |
| A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | |||||
| CVE-2024-25678 | 1 Litespeedtech | 1 Lsquic | 2025-06-20 | N/A | 9.8 CRITICAL |
| In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. | |||||
| CVE-2023-52101 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-20 | N/A | 9.1 CRITICAL |
| Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity. | |||||
| CVE-2023-52029 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. | |||||
| CVE-2023-52028 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. | |||||
| CVE-2023-46226 | 1 Apache | 1 Iotdb | 2025-06-20 | N/A | 9.8 CRITICAL |
| Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | |||||
| CVE-2020-36770 | 1 Gentoo | 1 Ebuild For Slurm | 2025-06-20 | N/A | 9.8 CRITICAL |
| pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files. | |||||
| CVE-2023-51123 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | |||||
| CVE-2023-49235 | 1 Trendnet | 2 Tv-ip1314pi, Tv-ip1314pi Firmware | 2025-06-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. | |||||
| CVE-2023-31446 | 1 Cassianetworks | 4 Xc1000, Xc1000 Firmware, Xc2000 and 1 more | 2025-06-20 | N/A | 9.8 CRITICAL |
| In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup. | |||||
| CVE-2024-22216 | 1 Microchip | 1 Maxview Storage Manager | 2025-06-18 | N/A | 10.0 CRITICAL |
| In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339). | |||||
| CVE-2021-38243 | 1 Xunruicms | 1 Xunruicms | 2025-06-18 | N/A | 9.8 CRITICAL |
| xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | |||||
| CVE-2023-50694 | 1 Dom96 | 1 Httpbeast | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a malicious crafted request due to insufficient parsing in the parser.nim component. | |||||
| CVE-2023-52032 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | |||||
| CVE-2023-52041 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. | |||||
| CVE-2023-51906 | 1 Yonyou | 1 Yonbip | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | |||||
| CVE-2024-22076 | 1 Myq-solution | 1 Print Server | 2025-06-16 | N/A | 9.8 CRITICAL |
| MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | |||||
| CVE-2023-35837 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges. | |||||