Total
1022 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23265 | 2025-06-26 | N/A | 7.8 HIGH | ||
| NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. | |||||
| CVE-2025-53002 | 2025-06-26 | N/A | 8.3 HIGH | ||
| LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue. | |||||
| CVE-2022-30194 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-24 | N/A | 7.5 HIGH |
| Windows WebBrowser Control Remote Code Execution Vulnerability | |||||
| CVE-2022-30175 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-06-24 | N/A | 7.8 HIGH |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||
| CVE-2022-44794 | 1 Objectfirst | 1 Ootbi | 2025-06-24 | N/A | 8.8 HIGH |
| An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611. | |||||
| CVE-2025-3642 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 8.8 HIGH |
| A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. | |||||
| CVE-2025-3641 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 8.8 HIGH |
| A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. | |||||
| CVE-2025-29281 | 1 Perfree | 1 Perfreeblog | 2025-06-24 | N/A | 8.8 HIGH |
| In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them. | |||||
| CVE-2024-41714 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-06-24 | N/A | 8.8 HIGH |
| A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. | |||||
| CVE-2024-23750 | 1 Deepwisdom | 1 Metagpt | 2025-06-20 | N/A | 8.8 HIGH |
| MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. | |||||
| CVE-2024-56072 | 1 Pavel-odintsov | 1 Fastnetmon | 2025-06-20 | N/A | 7.5 HIGH |
| An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples. | |||||
| CVE-2023-22526 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-06-20 | N/A | 8.8 HIGH |
| This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: Upgrade to a release 7.19.17, or any higher 7.19.x release Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program | |||||
| CVE-2023-32383 | 1 Apple | 1 Macos | 2025-06-20 | N/A | 7.8 HIGH |
| This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode. | |||||
| CVE-2024-26362 | 3 Enpass, Linux, Microsoft | 3 Password Manager, Linux Kernel, Windows | 2025-06-17 | N/A | 8.8 HIGH |
| HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | |||||
| CVE-2024-29399 | 1 Gnu | 1 Savane | 2025-06-17 | N/A | 7.6 HIGH |
| An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | |||||
| CVE-2024-25376 | 1 Thesycon | 1 Tusbaudio | 2025-06-17 | N/A | 7.8 HIGH |
| An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | |||||
| CVE-2023-52251 | 1 Provectus | 1 Ui | 2025-06-17 | N/A | 8.8 HIGH |
| An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | |||||
| CVE-2024-48700 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | N/A | 7.2 HIGH |
| Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. | |||||
| CVE-2023-51282 | 1 Mingsoft | 1 Mcms | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. | |||||
| CVE-2024-28396 | 1 Myprestamodules | 1 Orders \(csv\, Excel\) Export Pro | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. | |||||