Vulnerabilities (CVE)

Total 79741 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-4845 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4847 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4848 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8700 1 Total-soft 1 Event Calendar 2025-06-04 N/A 7.5 HIGH
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
CVE-2025-47161 1 Microsoft 1 Defender For Endpoint 2025-06-04 N/A 7.8 HIGH
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-41385 1 Uchida 2 Wivia 5, Wivia 5 Firmware 2025-06-04 N/A 7.2 HIGH
An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user.
CVE-2025-47697 1 Uchida 2 Wivia 5, Wivia 5 Firmware 2025-06-04 N/A 7.5 HIGH
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.
CVE-2025-48492 1 Getsimple-ce 1 Getsimple Cms 2025-06-04 N/A 8.8 HIGH
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.
CVE-2025-3937 4 Blackberry, Linux, Microsoft and 1 more 5 Qnx, Linux Kernel, Windows and 2 more 2025-06-04 N/A 7.7 HIGH
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
CVE-2025-3944 4 Blackberry, Linux, Microsoft and 1 more 5 Qnx, Linux Kernel, Windows and 2 more 2025-06-04 N/A 7.2 HIGH
Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.
CVE-2025-48936 1 Zitadel 1 Zitadel 2025-06-04 N/A 8.1 HIGH
Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. If an attacker can manipulate these headers (e.g., via host header injection), they could cause ZITADEL to generate a password reset link pointing to a malicious domain controlled by the attacker. If the user clicks this manipulated link in the email, the secret reset code embedded in the URL can be captured by the attacker. This captured code could then be used to reset the user's password and gain unauthorized access to their account. This specific attack vector is mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled. This issue has been patched in versions 2.70.12, 2.71.10, and 3.2.2.
CVE-2025-5576 1 Phpgurukul 1 Dairy Farm Shop Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5577 1 Phpgurukul 1 Dairy Farm Shop Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5579 1 Phpgurukul 1 Dairy Farm Shop Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php. The manipulation of the argument productname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5578 1 Phpgurukul 1 Dairy Farm Shop Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sales-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-21479 1 Qualcomm 144 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 141 more 2025-06-04 N/A 8.6 HIGH
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVE-2025-5581 1 Codeastro 1 Real Estate Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5583 1 Codeastro 1 Real Estate Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5580 1 Codeastro 1 Real Estate Management System 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-33526 1 Ilias 1 Ilias 2025-06-04 N/A 7.1 HIGH
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload.