Vulnerabilities (CVE)

Total 79507 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5331 2025-05-30 7.5 HIGH 7.3 HIGH
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5330 2025-05-30 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-22654 2025-05-30 N/A 7.5 HIGH
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
CVE-2025-1763 2025-05-30 N/A 8.7 HIGH
An issue has been discovered in GitLab EE that allows for a cross-site scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
CVE-2023-43848 1 Aten 2 Pe6208, Pe6208 Firmware 2025-05-30 N/A 8.0 HIGH
Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.
CVE-2023-43844 1 Aten 2 Pe6208, Pe6208 Firmware 2025-05-30 N/A 8.0 HIGH
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator privileges.
CVE-2024-28060 2025-05-30 N/A 7.3 HIGH
An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed.
CVE-2023-51711 1 Regify 1 Regipay 2025-05-30 N/A 7.8 HIGH
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0. It allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.
CVE-2023-50872 2025-05-30 N/A 7.5 HIGH
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue."
CVE-2023-31223 1 Dradisframework 1 Dradis 2025-05-30 N/A 8.7 HIGH
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.
CVE-2023-26098 1 Telindus 1 Apsal 2025-05-30 N/A 8.2 HIGH
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.
CVE-2023-26097 1 Telindus 1 Apsal 2025-05-30 N/A 8.4 HIGH
An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.
CVE-2022-36443 1 Zebra 1 Enterprise Home Screen 2025-05-30 N/A 7.8 HIGH
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.
CVE-2022-36441 1 Zebra 1 Enterprise Home Screen 2025-05-30 N/A 7.1 HIGH
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.
CVE-2022-34909 1 Aremis 1 Aremis 4 Nomads 2025-05-30 N/A 7.7 HIGH
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.
CVE-2022-34908 1 Aremis 1 Aremis 4 Nomads 2025-05-30 N/A 8.2 HIGH
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.
CVE-2021-43978 1 Allegro 1 Allegro 2025-05-30 5.5 MEDIUM 7.1 HIGH
Allegro Windows 3.3.4152.0 embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials.
CVE-2021-42110 1 Allegro 1 Allegro 2025-05-30 6.2 MEDIUM 7.1 HIGH
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
CVE-2021-38618 1 Gfos 1 Workforce Management 2025-05-30 6.8 MEDIUM 7.4 HIGH
In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
CVE-2021-38617 1 Eigentech 1 Natural Language Processing 2025-05-30 6.5 MEDIUM 8.8 HIGH
In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a standard user to create a super user account with a defined password. This directly leads to privilege escalation.