Vulnerabilities (CVE)

Total 79769 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-5216 1 Phpgurukul 1 Student Record System 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5218 1 Freefloat 1 Ftp Server 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5217 1 Freefloat 1 Ftp Server 2025-06-05 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11391 1 Advancedfilemanager 1 Advanced File Manager 2025-06-05 N/A 7.5 HIGH
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-35422 1 Lonelycoder 1 Vmir 2025-06-05 N/A 7.8 HIGH
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c.
CVE-2024-35423 1 Lonelycoder 1 Vmir 2025-06-05 N/A 7.8 HIGH
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c.
CVE-2024-5409 1 Saltos 1 Rhinos 2025-06-05 N/A 7.1 HIGH
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.
CVE-2024-5408 1 Saltos 1 Rhinos 2025-06-05 N/A 7.1 HIGH
Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.
CVE-2024-11721 1 Dynamiapps 1 Frontend Admin 2025-06-05 N/A 8.1 HIGH
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form.
CVE-2024-13333 1 Advancedfilemanager 1 Advanced File Manager 2025-06-05 N/A 7.5 HIGH
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The function can be exploited only if the "Display .htaccess?" setting is enabled.
CVE-2024-31477 2 Arubanetworks, Hp 2 Arubaos, Instantos 2025-06-05 N/A 7.2 HIGH
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2024-31476 2 Arubanetworks, Hp 2 Arubaos, Instantos 2025-06-05 N/A 7.2 HIGH
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2024-31475 2 Arubanetworks, Hp 2 Arubaos, Instantos 2025-06-05 N/A 8.2 HIGH
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point.
CVE-2024-31474 2 Arubanetworks, Hp 2 Arubaos, Instantos 2025-06-05 N/A 8.2 HIGH
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point
CVE-2023-30581 1 Nodejs 1 Node.js 2025-06-05 N/A 7.5 HIGH
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
CVE-2022-41201 1 Sap 1 3d Visual Enterprise Viewer 2025-06-05 N/A 7.8 HIGH
Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2024-4420 1 Google 1 Tink C\+\+ 2025-06-05 N/A 7.5 HIGH
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3.  * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object. * An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow. We recommend upgrading to version 2.1.3 or above
CVE-2025-37803 1 Linux 1 Linux Kernel 2025-06-05 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.
CVE-2025-1252 1 Rti 1 Connext Professional 2025-06-05 N/A 7.1 HIGH
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23.
CVE-2025-1253 1 Rti 1 Connext Professional 2025-06-05 N/A 7.8 HIGH
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.