Total: 79914 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-47024 | 1 Ncratleos | 1 Terminal Handler | 2025-06-17 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. | |||||
CVE-2024-29269 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-06-17 | N/A | 8.8 HIGH |
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | |||||
CVE-2024-33820 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 7.5 HIGH |
Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, the length of the wlan_ssid field triggers the overflow. | |||||
CVE-2024-34506 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 7.5 HIGH |
An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. | |||||
CVE-2024-34507 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 7.4 HIGH |
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. | |||||
CVE-2024-34510 | 1 Gradio Project | 1 Gradio | 2025-06-17 | N/A | 7.5 HIGH |
Gradio before 4.20 allows credential leakage on Windows. | |||||
CVE-2024-4549 | 1 Deltaww | 1 Diaenergie | 2025-06-17 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | |||||
CVE-2024-34470 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 8.6 HIGH |
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. | |||||
CVE-2023-52354 | 1 Blitiri | 1 Chasquid | 2025-06-17 | N/A | 7.5 HIGH |
chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | |||||
CVE-2023-52289 | 1 Sujeetkv | 1 Flaskcode | 2025-06-17 | N/A | 7.5 HIGH |
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. | |||||
CVE-2023-52251 | 1 Provectus | 1 Ui | 2025-06-17 | N/A | 8.8 HIGH |
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | |||||
CVE-2023-52099 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-17 | N/A | 7.5 HIGH |
Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2023-50671 | 1 Aertherwide | 1 Exiftags | 2025-06-17 | N/A | 7.8 HIGH |
In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | |||||
CVE-2023-50159 | 1 Scalefusion | 1 Scalefusion | 2025-06-17 | N/A | 8.8 HIGH |
In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | |||||
CVE-2023-46892 | 1 Meross | 2 Msh30q, Msh30q Firmware | 2025-06-17 | N/A | 8.8 HIGH |
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature). | |||||
CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-06-17 | N/A | 8.8 HIGH |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. | |||||
CVE-2024-44068 | 1 Samsung | 12 Exynos 850, Exynos 850 Firmware, Exynos 980 and 9 more | 2025-06-17 | N/A | 8.1 HIGH |
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
CVE-2024-46292 | 1 Trustwave | 1 Modsecurity | 2025-06-17 | N/A | 7.5 HIGH |
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue). | |||||
CVE-2024-48700 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | N/A | 7.2 HIGH |
Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. | |||||
CVE-2024-34402 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-06-17 | N/A | 8.6 HIGH |
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. |