Total
79487 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51063 | 1 Qstar | 1 Archive Storage Manager | 2025-06-03 | N/A | 8.8 HIGH |
| QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. | |||||
| CVE-2023-51059 | 1 Mokosmart | 2 Mkgw1 Gateway, Mkgw1 Gateway Firmware | 2025-06-03 | N/A | 8.8 HIGH |
| An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. | |||||
| CVE-2023-47460 | 1 Knovos | 1 Discovery | 2025-06-03 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. | |||||
| CVE-2023-46942 | 1 Evershop | 1 Evershop | 2025-06-03 | N/A | 7.5 HIGH |
| Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | |||||
| CVE-2023-43449 | 1 Hummerrisk | 1 Hummerrisk | 2025-06-03 | N/A | 8.8 HIGH |
| An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. | |||||
| CVE-2023-34061 | 1 Pivotal | 2 Cloud Foundry Deployment, Cloud Foundry Routing Release | 2025-06-03 | N/A | 7.5 HIGH |
| Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. | |||||
| CVE-2024-35057 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2024-43027 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-06-03 | N/A | 8.0 HIGH |
| DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. | |||||
| CVE-2024-41334 | 1 Draytek | 40 Vigor165, Vigor165 Firmware, Vigor166 and 37 more | 2025-06-03 | N/A | 8.8 HIGH |
| Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. | |||||
| CVE-2024-41338 | 1 Draytek | 40 Vigor165, Vigor165 Firmware, Vigor166 and 37 more | 2025-06-03 | N/A | 7.5 HIGH |
| A NULL pointer dereference in Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 allows attackers to cause a Denial of Service (DoS) via a crafted DHCP request. | |||||
| CVE-2024-27344 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22931. | |||||
| CVE-2023-49502 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 8.8 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. | |||||
| CVE-2023-49501 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 8.0 HIGH |
| Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. | |||||
| CVE-2024-32166 | 1 Webidsupport | 1 Webid | 2025-06-03 | N/A | 8.8 HIGH |
| Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control vulnerability, allowing attackers to buy now an auction that is suspended (horizontal privilege escalation). | |||||
| CVE-2024-27335 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22018. | |||||
| CVE-2024-27337 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22033. | |||||
| CVE-2024-27338 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the app.response method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22588. | |||||
| CVE-2024-27339 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22925. | |||||
| CVE-2024-27340 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22926. | |||||
| CVE-2024-27341 | 1 Tungstenautomation | 1 Power Pdf | 2025-06-03 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22927. | |||||