Total: 79769 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5216 | 1 Phpgurukul | 1 Student Record System | 2025-06-05 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5218 | 1 Freefloat | 1 Ftp Server | 2025-06-05 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-5217 | 1 Freefloat | 1 Ftp Server | 2025-06-05 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RMDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-11391 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-06-05 | N/A | 7.5 HIGH |
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2024-35422 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 7.8 HIGH |
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c. | |||||
CVE-2024-35423 | 1 Lonelycoder | 1 Vmir | 2025-06-05 | N/A | 7.8 HIGH |
vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c. | |||||
CVE-2024-5409 | 1 Saltos | 1 Rhinos | 2025-06-05 | N/A | 7.1 HIGH |
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details. | |||||
CVE-2024-5408 | 1 Saltos | 1 Rhinos | 2025-06-05 | N/A | 7.1 HIGH |
Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL. | |||||
CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | N/A | 8.1 HIGH |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | |||||
CVE-2024-13333 | 1 Advancedfilemanager | 1 Advanced File Manager | 2025-06-05 | N/A | 7.5 HIGH |
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The function can be exploited only if the "Display .htaccess?" setting is enabled. | |||||
CVE-2024-31477 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-05 | N/A | 7.2 HIGH |
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2024-31476 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-05 | N/A | 7.2 HIGH |
Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2024-31475 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-05 | N/A | 8.2 HIGH |
There is an arbitrary file deletion vulnerability in the Central Communications service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point. | |||||
CVE-2024-31474 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-06-05 | N/A | 8.2 HIGH |
There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the affected Access Point. | |||||
CVE-2023-30581 | 1 Nodejs | 1 Node.js | 2025-06-05 | N/A | 7.5 HIGH |
The use of `__proto__` in `process.mainModule.__proto__.require()` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | |||||
CVE-2022-41201 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-06-05 | N/A | 7.8 HIGH |
Due to lack of proper memory management, when a victim opens a manipulated Right Hemisphere Binary (.rh, rh.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | |||||
CVE-2024-4420 | 1 Google | 1 Tink C++ | 2025-06-05 | N/A | 7.5 HIGH |
There exists a Denial of service vulnerability in Tink-cc in versions prior to 2.1.3. (1) An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input that is not an encoded JSON object, but still a valid encoded JSON element, for example a number or an array. This will crash as Tink just assumes any valid JSON input will contain an object. (2) An adversary can crash binaries using the crypto::tink::JsonKeysetReader in tink-cc by providing an input containing many nested JSON objects. This may result in a stack overflow. We recommend upgrading to version 2.1.3 or above. | |||||
CVE-2025-37803 | 1 Linux | 1 Linux Kernel | 2025-06-05 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculating pglimit. | |||||
CVE-2025-1252 | 1 Rti | 1 Connext Professional | 2025-06-05 | N/A | 7.1 HIGH |
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23. | |||||
CVE-2025-1253 | 1 Rti | 1 Connext Professional | 2025-06-05 | N/A | 7.8 HIGH |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23. |