Total
79788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34302 | 1 Ashlar | 1 Cobalt | 2025-06-04 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17865. | |||||
| CVE-2025-27038 | 1 Qualcomm | 88 Ar8031, Ar8031 Firmware, Csra6620 and 85 more | 2025-06-04 | N/A | 7.5 HIGH |
| Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. | |||||
| CVE-2024-46278 | 1 Sismics | 1 Teedy | 2025-06-04 | N/A | 8.4 HIGH |
| Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. | |||||
| CVE-2024-39963 | 1 Tenda | 4 Ax12, Ax12 Firmware, Ax9 and 1 more | 2025-06-04 | N/A | 8.0 HIGH |
| AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. | |||||
| CVE-2024-41281 | 1 Linksys | 2 Wrt54g, Wrt54g Firmware | 2025-06-04 | N/A | 8.8 HIGH |
| Linksys WRT54G v4.21.5 has a stack overflow vulnerability in get_merge_mac function. | |||||
| CVE-2024-13244 | 1 Migrate Tools Project | 1 Migrate Tools | 2025-06-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | |||||
| CVE-2024-41726 | 1 Skygroup | 1 Skysea Client View | 2025-06-04 | N/A | 7.5 HIGH |
| Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed. | |||||
| CVE-2024-41139 | 1 Skygroup | 1 Skysea Client View | 2025-06-04 | N/A | 7.8 HIGH |
| Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed with SYSTEM privilege. | |||||
| CVE-2024-40400 | 1 Automad | 1 Automad | 2025-06-04 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2024-13240 | 1 Getopensocial | 1 Open Social | 2025-06-04 | N/A | 7.5 HIGH |
| Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. | |||||
| CVE-2023-5934 | 1 Travelpayouts | 1 Travelpayouts | 2025-06-04 | N/A | 7.3 HIGH |
| The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.13 does not have CSRF check in place when importing settings from the v1, which could allow attackers to make a logged in admin update some settings via a CSRF attack | |||||
| CVE-2025-40581 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | N/A | 7.1 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices are vulnerable to an authentication bypass. This could allow a non-privileged local attacker to bypass the authentication of the SINEMA Remote Connect Edge Client, and to read and modify the configuration parameters. | |||||
| CVE-2025-40574 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2025-06-04 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly assign permissions to critical ressources. This could allow a non-privileged local attacker to interact with the backupmanager service. | |||||
| CVE-2024-13250 | 1 Drupal Symfony Mailer Lite Project | 1 Drupal Symfony Mailer Lite | 2025-06-04 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | |||||
| CVE-2024-13255 | 1 Restful Web Services Project | 1 Restful Web Services | 2025-06-04 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | |||||
| CVE-2024-46330 | 1 Vonets | 2 Vap11g-300, Vap11g-300 Firmware | 2025-06-04 | N/A | 7.4 HIGH |
| VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the iptablesWebsFilterRun object. | |||||
| CVE-2024-50305 | 1 Apache | 1 Traffic Server | 2025-06-04 | N/A | 7.5 HIGH |
| Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | |||||
| CVE-2024-23744 | 1 Arm | 1 Mbed Tls | 2025-06-04 | N/A | 7.5 HIGH |
| An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | |||||
| CVE-2024-23681 | 1 Ls1intum | 1 Artemis Java Test Sandbox | 2025-06-04 | N/A | 8.2 HIGH |
| Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code. | |||||
| CVE-2024-23452 | 1 Apache | 1 Brpc | 2025-06-04 | N/A | 7.5 HIGH |
| Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518 | |||||