Total
79803 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5484 | | | 2025-06-12 | N/A | 8.3 HIGH |
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. | |||||
CVE-2025-44019 | | | 2025-06-12 | N/A | 7.1 HIGH |
AVEVA PI Data Archive products are vulnerable to an uncaught exception that, if exploited, could allow an authenticated user to shut down certain necessary PI Data Archive subsystems, resulting in a denial of service. Depending on the timing of the crash, data present in snapshots/write cache may be lost. | |||||
CVE-2025-5875 | | | 2025-06-12 | 9.0 HIGH | 8.8 HIGH |
A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 7.8 HIGH |
An authentication bypass weakness in the message broker service of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-55567 | | | 2025-06-12 | N/A | 7.5 HIGH |
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
CVE-2024-48360 | | | 2025-06-12 | N/A | 7.5 HIGH |
Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /request/viewValidacao.php. | |||||
CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | |||||
CVE-2024-44106 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-44105 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.2 HIGH |
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to obtain OS credentials. | |||||
CVE-2024-44104 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-44103 | 1 Ivanti | 1 Workspace Control | 2025-06-12 | N/A | 8.8 HIGH |
DLL hijacking in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2024-11269 | 1 Mitchelllevy | 1 Ahathat | 2025-06-12 | N/A | 7.2 HIGH |
The AHAthat Plugin WordPress plugin through 1.6 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. | |||||
CVE-2024-11267 | 1 Joomlaserviceprovider | 1 Jsp Store Locator | 2025-06-12 | N/A | 8.8 HIGH |
The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing users with the Contributor role to perform SQL injection attacks. | |||||
CVE-2025-26842 | 1 Znuny | 1 Znuny | 2025-06-12 | N/A | 7.5 HIGH |
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog. | |||||
CVE-2025-47785 | 1 Emlog | 1 Emlog | 2025-06-12 | N/A | 8.3 HIGH |
Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered. Since admin/article_save.php can be accessed by ordinary registered users, this will cause SQL injection to occur when the registered site is enabled, resulting in the injection of the admin account and password, which is then exploited by the backend remote code execution. As of time of publication, it is unknown whether a fix exists. | |||||
CVE-2024-9831 | 1 Taskbuilder | 1 Taskbuilder | 2025-06-12 | N/A | 7.2 HIGH |
The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. | |||||
CVE-2025-4190 | 1 Aleapp | 1 Csv Mass Importer | 2025-06-12 | N/A | 7.2 HIGH |
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high-privilege users such as admins to upload arbitrary files on the server even when they should not be allowed to (for example, in a multisite setup). | |||||
CVE-2025-47273 | 2 Debian, Python | 2 Debian Linux, Setuptools | 2025-06-12 | N/A | 8.8 HIGH |
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. | |||||
CVE-2025-28202 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2025-06-12 | N/A | 8.8 HIGH |
Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication. | |||||
CVE-2025-4871 | 1 Pcman | 1 Ftp Server | 2025-06-12 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |