Total: 79497 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-5190 | | | 2025-05-30 | N/A | 8.8 HIGH | The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice' function with the 'is_ba_original_user_COOKIEHASH' cookie value. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator, if they have access to the user id. |
| CVE-2025-2500 | | | 2025-05-30 | N/A | 7.4 HIGH | A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and the time window of a possible password attack could be expanded. |
| CVE-2025-0602 | | | 2025-05-30 | N/A | 8.7 HIGH | A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session. |
| CVE-2025-48331 | | | 2025-05-30 | N/A | 7.5 HIGH | Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0. |
| CVE-2024-54952 | | | 2025-05-30 | N/A | 7.5 HIGH | In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference. This leads to a Remote Denial of Service (DoS), rendering the SMB service unavailable. |
| CVE-2025-4990 | | | 2025-05-30 | N/A | 8.7 HIGH | A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session. |
| CVE-2025-45474 | | | 2025-05-30 | N/A | 7.3 HIGH | maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings. |
| CVE-2025-4985 | | | 2025-05-30 | N/A | 8.7 HIGH | A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session. |
| CVE-2025-4986 | | | 2025-05-30 | N/A | 8.7 HIGH | A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session. |
| CVE-2025-46701 | | | 2025-05-30 | N/A | 7.3 HIGH | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.6, from 10.1.0-M1 through 10.1.40, from 9.0.0.M1 through 9.0.104. Users are recommended to upgrade to version 11.0.7, 10.1.41 or 9.0.105, which fixes the issue. |
| CVE-2025-5331 | | | 2025-05-30 | 7.5 HIGH | 7.3 HIGH | A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-5330 | | | 2025-05-30 | 7.5 HIGH | 7.3 HIGH | A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2024-22654 | | | 2025-05-30 | N/A | 7.5 HIGH | tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. |
| CVE-2025-1763 | | | 2025-05-30 | N/A | 8.7 HIGH | An issue has been discovered in GitLab EE that allows for a cross-site scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. |
| CVE-2023-43848 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-05-30 | N/A | 8.0 HIGH | Incorrect access control in the firewall management function of the web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request. |
| CVE-2023-43844 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-05-30 | N/A | 8.0 HIGH | Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges. |
| CVE-2024-28060 | | | 2025-05-30 | N/A | 7.3 HIGH | An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed. |
| CVE-2023-51711 | 1 Regify | 1 Regipay | 2025-05-30 | N/A | 7.8 HIGH | An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 that allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. |
| CVE-2023-50872 | | | 2025-05-30 | N/A | 7.5 HIGH | The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue." |
| CVE-2023-31223 | 1 Dradisframework | 1 Dradis | 2025-05-30 | N/A | 8.7 HIGH | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. |