Total
79717 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3935 | 1 Connectwise | 1 Screenconnect | 2025-06-03 | N/A | 8.1 HIGH |
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to note that to obtain these machine keys, privileged system level access must be obtained. If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server. The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it. | |||||
CVE-2024-22022 | 1 Veeam | 1 Recovery Orchestrator | 2025-06-03 | N/A | 8.8 HIGH |
Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service. | |||||
CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-03 | N/A | 8.8 HIGH |
A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | |||||
CVE-2024-21673 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-06-03 | N/A | 8.8 HIGH |
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. This RCE vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, allows an authenticated attacker to expose assets in your environment susceptible to exploitation, which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). | |||||
CVE-2024-1077 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-03 | N/A | 8.8 HIGH |
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | |||||
CVE-2023-50342 | | | 2025-06-03 | N/A | 7.1 HIGH |
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. | |||||
CVE-2023-49739 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2025-06-03 | N/A | 7.1 HIGH |
Vulnerability in IdeaBox Creations PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23. | |||||
CVE-2022-38833 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2025-06-03 | N/A | 7.2 HIGH |
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. | |||||
CVE-2022-38832 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2025-06-03 | N/A | 7.2 HIGH |
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. | |||||
CVE-2022-38577 | 1 Processmaker | 1 Processmaker | 2025-06-03 | N/A | 8.8 HIGH |
ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. | |||||
CVE-2022-23767 | 2 Hanssak, Microsoft | 3 Securegate, Weblink, Windows | 2025-06-03 | N/A | 8.8 HIGH |
This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system. | |||||
CVE-2022-38878 | 1 School Activity Updates With Sms Notification Project | 1 School Activity Updates With Sms Notification | 2025-06-03 | N/A | 7.2 HIGH |
School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. | |||||
CVE-2022-38877 | 1 Garage Management System Project | 1 Garage Management System | 2025-06-03 | N/A | 7.2 HIGH |
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. | |||||
CVE-2024-31578 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 7.5 HIGH |
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. | |||||
CVE-2025-45542 | | | 2025-06-03 | N/A | 7.3 HIGH |
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||||
CVE-2024-35365 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | N/A | 8.8 HIGH |
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | |||||
CVE-2025-4749 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-06-03 | 7.8 HIGH | 7.5 HIGH |
A vulnerability classified as critical was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This vulnerability affects the function sub_4983B0 of the file /H5/backup.asp?opt=reset of the component Factory Reset Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4746 | 1 Campcodes | 1 Sales And Inventory System | 2025-06-03 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4841 | 1 Dlink | 2 Dcs-932l, Dcs-932l Firmware | 2025-06-03 | 9.0 HIGH | 8.8 HIGH |
A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2025-4759 | 1 Lirantal | 1 Lockfile-lint-api | 2025-06-03 | N/A | 8.3 HIGH |
Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one. |