Total
79809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46210 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2025-23105 | 1 Samsung | 6 Exynos 1480, Exynos 1480 Firmware, Exynos 2200 and 3 more | 2025-06-13 | N/A | 7.8 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2022-45064 | 1 Apache | 1 Apache Sling Engine | 2025-06-13 | N/A | 8.0 HIGH |
| The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option. | |||||
| CVE-2025-45542 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||||
| CVE-2024-57459 | 1 Vishalmathur | 1 Cloudclassroom-php Project | 2025-06-13 | N/A | 7.3 HIGH |
| A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | |||||
| CVE-2024-31503 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-06-13 | N/A | 7.5 HIGH |
| Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover. | |||||
| CVE-2024-37821 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-06-13 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. | |||||
| CVE-2023-52115 | 1 Huawei | 1 Harmonyos | 2025-06-13 | N/A | 7.5 HIGH |
| The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions. | |||||
| CVE-2023-52074 | 1 Flycms Project | 1 Flycms | 2025-06-13 | N/A | 8.8 HIGH |
| FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | |||||
| CVE-2024-32407 | 1 Inducer | 1 Relate | 2025-06-13 | N/A | 8.8 HIGH |
| An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature. | |||||
| CVE-2025-26013 | 1 Olajowon | 1 Loggrove | 2025-06-13 | N/A | 8.2 HIGH |
| An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component. | |||||
| CVE-2025-45752 | 1 Seeddms | 1 Seeddms | 2025-06-13 | N/A | 7.2 HIGH |
| A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. | |||||
| CVE-2024-22893 | 1 Openslides | 1 Openslides | 2025-06-13 | N/A | 7.5 HIGH |
| OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack. | |||||
| CVE-2024-37665 | 1 Wvp-pro | 1 Gb28181 | 2025-06-13 | N/A | 8.8 HIGH |
| An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request. | |||||
| CVE-2024-52769 | 1 Dedebiz | 1 Dedebiz | 2025-06-13 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-34199 | 1 Ritlabs | 1 Tinyweb | 2025-06-13 | N/A | 8.6 HIGH |
| TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line. | |||||
| CVE-2024-34251 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2025-06-13 | N/A | 7.5 HIGH |
| An out-of-bound memory read vulnerability was discovered in Bytecode Alliance wasm-micro-runtime v2.0.0 which allows a remote attacker to cause a denial of service via the "block_type_get_arity" function in core/iwasm/interpreter/wasm.h. | |||||
| CVE-2025-46837 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 8.7 HIGH |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2025-46840 | 1 Adobe | 1 Experience Manager | 2025-06-13 | N/A | 8.7 HIGH |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | |||||
| CVE-2024-54780 | 1 Netgate | 2 Pfsense Ce, Pfsense Plus | 2025-06-13 | N/A | 8.8 HIGH |
| Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds are vulnerable to command injection in the OpenVPN widget due to improper sanitization of user-supplied input to the OpenVPN management interface. An authenticated attacker can exploit this vulnerability by injecting arbitrary OpenVPN management commands via the remipp parameter. | |||||