Vulnerabilities (CVE)

Total 79769 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-27187 1 Joomla 1 Joomla\! 2025-06-04 N/A 7.5 HIGH
Improper Access Controls allows backend users to overwrite their username when disallowed.
CVE-2024-40748 1 Joomla 1 Joomla\! 2025-06-04 N/A 7.5 HIGH
Lack of output escaping in the id attribute of menu lists.
CVE-2024-40749 1 Joomla 1 Joomla\! 2025-06-04 N/A 7.5 HIGH
Improper Access Controls allows access to protected views.
CVE-2025-22205 1 Admiror-design-studio 1 Admiror Gallery 2025-06-04 N/A 7.5 HIGH
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
CVE-2025-22210 1 Hikashop 1 Hikashop 2025-06-04 N/A 7.2 HIGH
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend.
CVE-2025-25227 1 Joomla 1 Joomla\! 2025-06-04 N/A 7.5 HIGH
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2024-13613 1 Kainex 1 Wise Chat 2025-06-04 N/A 7.5 HIGH
The Wise Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.3 via the 'uploads' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory which can contain file attachments included in chat messages. The vulnerability was partially patched in version 3.3.3.
CVE-2025-33103 1 Ibm 1 I 2025-06-04 N/A 8.5 HIGH
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system.
CVE-2025-4842 1 Dlink 2 Dcs-932l, Dcs-932l Firmware 2025-06-04 9.0 HIGH 8.8 HIGH
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. This vulnerability affects the function isUCPCameraNameChanged of the file /sbin/ucp. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4843 1 Dlink 2 Dcs-932l, Dcs-932l Firmware 2025-06-04 9.0 HIGH 8.8 HIGH
A vulnerability was found in D-Link DCS-932L 2.18.01. It has been classified as critical. This affects the function SubUPnPCSInit of the file /sbin/udev. The manipulation of the argument CameraName leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-4844 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4845 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4847 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component MLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4848 1 Freefloat 1 Ftp Server 2025-06-04 7.5 HIGH 7.3 HIGH
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RECV Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8700 1 Total-soft 1 Event Calendar 2025-06-04 N/A 7.5 HIGH
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
CVE-2025-47161 1 Microsoft 1 Defender For Endpoint 2025-06-04 N/A 7.8 HIGH
Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-41385 1 Uchida 2 Wivia 5, Wivia 5 Firmware 2025-06-04 N/A 7.2 HIGH
An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user.
CVE-2025-47697 1 Uchida 2 Wivia 5, Wivia 5 Firmware 2025-06-04 N/A 7.5 HIGH
Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator user.
CVE-2025-48492 1 Getsimple-ce 1 Getsimple Cms 2025-06-04 N/A 8.8 HIGH
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). This issue is set to be patched in version 3.3.22.
CVE-2025-3937 4 Blackberry, Linux, Microsoft and 1 more 5 Qnx, Linux Kernel, Windows and 2 more 2025-06-04 N/A 7.7 HIGH
Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.