Total
79610 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33332 | 1 Bladex | 1 Springblade | 2025-06-03 | N/A | 7.5 HIGH |
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | |||||
CVE-2024-43033 | 2 Jpress, Microsoft | 2 Jpress, Windows | 2025-06-03 | N/A | 8.8 HIGH |
JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358. | |||||
CVE-2024-32358 | 1 Jpress | 1 Jpress | 2025-06-03 | N/A | 7.5 HIGH |
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. | |||||
CVE-2024-35061 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.3 HIGH |
NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution. | |||||
CVE-2024-35060 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. | |||||
CVE-2024-35059 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. | |||||
CVE-2024-35058 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. | |||||
CVE-2023-6634 | 1 Thimpress | 1 Learnpress | 2025-06-03 | N/A | 8.1 HIGH |
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution. | |||||
CVE-2023-6558 | 1 Webtoffee | 1 Import Export Wordpress Users | 2025-06-03 | N/A | 7.2 HIGH |
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2023-6220 | 1 Piotnet | 1 Piotnet Forms | 2025-06-03 | N/A | 8.1 HIGH |
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2023-51804 | 1 Rymcu | 1 Forest | 2025-06-03 | N/A | 7.5 HIGH |
An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. | |||||
CVE-2023-51063 | 1 Qstar | 1 Archive Storage Manager | 2025-06-03 | N/A | 8.8 HIGH |
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. | |||||
CVE-2023-51059 | 1 Mokosmart | 2 Mkgw1 Gateway, Mkgw1 Gateway Firmware | 2025-06-03 | N/A | 8.8 HIGH |
An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. | |||||
CVE-2023-47460 | 1 Knovos | 1 Discovery | 2025-06-03 | N/A | 8.8 HIGH |
SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. | |||||
CVE-2023-46942 | 1 Evershop | 1 Evershop | 2025-06-03 | N/A | 7.5 HIGH |
Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | |||||
CVE-2023-43449 | 1 Hummerrisk | 1 Hummerrisk | 2025-06-03 | N/A | 8.8 HIGH |
An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. | |||||
CVE-2023-34061 | 1 Pivotal | 2 Cloud Foundry Deployment, Cloud Foundry Routing Release | 2025-06-03 | N/A | 7.5 HIGH |
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. | |||||
CVE-2024-35057 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. | |||||
CVE-2024-43027 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2025-06-03 | N/A | 8.0 HIGH |
DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi. | |||||
CVE-2024-41334 | 1 Draytek | 40 Vigor165, Vigor165 Firmware, Vigor166 and 37 more | 2025-06-03 | N/A | 8.8 HIGH |
Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to v4.3.2.7, Vigor 3912 prior to v4.3.5.2, and Vigor 2925 up to v3.9.6 were discovered to not utilize certificate verification, allowing attackers to upload crafted APPE modules from non-official servers, leading to arbitrary code execution. |