Total
79612 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39336 | 1 Ivanti | 1 Endpoint Manager | 2025-06-03 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | |||||
| CVE-2023-32886 | 1 Mediatek | 47 Mt2735, Mt6813, Mt6833 and 44 more | 2025-06-03 | N/A | 7.5 HIGH |
| In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | |||||
| CVE-2022-3328 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-06-03 | N/A | 7.8 HIGH |
| Race condition in snap-confine's must_mkdir_and_open_with_perms() | |||||
| CVE-2024-29320 | 1 Wallosapp | 1 Wallos | 2025-06-03 | N/A | 8.1 HIGH |
| Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. | |||||
| CVE-2024-33332 | 1 Bladex | 1 Springblade | 2025-06-03 | N/A | 7.5 HIGH |
| An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. | |||||
| CVE-2024-43033 | 2 Jpress, Microsoft | 2 Jpress, Windows | 2025-06-03 | N/A | 8.8 HIGH |
| JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358. | |||||
| CVE-2024-32358 | 1 Jpress | 1 Jpress | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. | |||||
| CVE-2024-35061 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.3 HIGH |
| NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject leads to an unauthenticated, fully remote code execution. | |||||
| CVE-2024-35060 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. | |||||
| CVE-2024-35059 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. | |||||
| CVE-2024-35058 | 1 Nasa | 1 Ait Core | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. | |||||
| CVE-2023-6634 | 1 Thimpress | 1 Learnpress | 2025-06-03 | N/A | 8.1 HIGH |
| The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution. | |||||
| CVE-2023-6558 | 1 Webtoffee | 1 Import Export Wordpress Users | 2025-06-03 | N/A | 7.2 HIGH |
| The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-6220 | 1 Piotnet | 1 Piotnet Forms | 2025-06-03 | N/A | 8.1 HIGH |
| The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-51804 | 1 Rymcu | 1 Forest | 2025-06-03 | N/A | 7.5 HIGH |
| An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. | |||||
| CVE-2023-51063 | 1 Qstar | 1 Archive Storage Manager | 2025-06-03 | N/A | 8.8 HIGH |
| QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. | |||||
| CVE-2023-51059 | 1 Mokosmart | 2 Mkgw1 Gateway, Mkgw1 Gateway Firmware | 2025-06-03 | N/A | 8.8 HIGH |
| An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. | |||||
| CVE-2023-47460 | 1 Knovos | 1 Discovery | 2025-06-03 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. | |||||
| CVE-2023-46942 | 1 Evershop | 1 Evershop | 2025-06-03 | N/A | 7.5 HIGH |
| Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | |||||
| CVE-2023-43449 | 1 Hummerrisk | 1 Hummerrisk | 2025-06-03 | N/A | 8.8 HIGH |
| An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. | |||||