Total: 5280 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30923 | 1 Derbynet | 1 Derbynet | 2025-11-04 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | |||||
| CVE-2024-23278 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 8.6 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. | |||||
| CVE-2024-23208 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2024-22899 | 1 Vinchin | 1 Vinchin Backup And Recovery | 2025-11-04 | N/A | 8.8 HIGH |
| Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. | |||||
| CVE-2023-51331 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-11-04 | N/A | 6.5 MEDIUM |
| PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51324 | 1 Phpjabbers | 1 Shared Asset Booking System | 2025-11-04 | N/A | 6.5 MEDIUM |
| PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51320 | 1 Phpjabbers | 1 Night Club Booking Software | 2025-11-04 | N/A | 5.3 MEDIUM |
| PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2023-51317 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-11-04 | N/A | 6.5 MEDIUM |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||
| CVE-2025-2977 | 1 Gfi | 1 Kerio Connect | 2025-11-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-27793 | 1 Apple | 1 Itunes | 2025-11-04 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-51797 | | | 2025-11-04 | N/A | 6.7 MEDIUM |
| Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame | |||||
| CVE-2025-0708 | 1 Fumiao | 1 Opencms | 2025-11-04 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-6345 | | | 2025-11-04 | N/A | 8.8 HIGH |
| A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0. | |||||
| CVE-2025-60785 | | | 2025-11-04 | N/A | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2025-50739 | | | 2025-11-04 | N/A | 9.8 CRITICAL |
| iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization. | |||||
| CVE-2025-61196 | | | 2025-11-04 | N/A | 8.8 HIGH |
| An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter. | |||||
| CVE-2025-10487 | | | 2025-11-04 | N/A | 7.3 HIGH |
| The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. This is due to the endpoint not properly restricting access to the AJAX endpoint or limiting the functions that can be called to safe functions. This makes it possible for unauthenticated attackers to call arbitrary functions beginning with get_the_ like get_the_excerpt which can make information exposure possible. | |||||
| CVE-2025-6990 | | | 2025-11-04 | N/A | 8.8 HIGH |
| The kallyas theme for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.0 via the `TH_PhpCode` pagebuilder widget. This is due to the theme not restricting access to the code editor widget for non-administrators. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | |||||
| CVE-2024-4040 | 1 Crushftp | 1 Crushftp | 2025-11-04 | N/A | 9.8 CRITICAL |
| A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | |||||
| CVE-2024-6923 | | | 2025-11-03 | N/A | 5.5 MEDIUM |
| There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. | |||||
