Total: 373 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21343 | 6 Apache, Debian, Fedoraproject and 3 more | 15 Activemq, Jmeter, Debian Linux and 12 more | 2025-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in the deletion of a file on the local host. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | |||||
| CVE-2025-26684 | 1 Microsoft | 1 Defender For Endpoint | 2025-05-19 | N/A | 6.7 MEDIUM |
| External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29709 | 1 Torrahclef | 1 Company Website Cms | 2025-04-23 | N/A | 9.8 CRITICAL |
| SourceCodester Company Website CMS 1.0 has a File upload vulnerability via the "Create portfolio" file /dashboard/portfolio. | |||||
| CVE-2025-29708 | 1 Torrahclef | 1 Company Website Cms | 2025-04-23 | N/A | 9.8 CRITICAL |
| SourceCodester Company Website CMS 1.0 contains a file upload vulnerability via the "Create Services" file /dashboard/Services. | |||||
| CVE-2024-2155 | 1 Mayurik | 1 Best Pos Management System | 2025-04-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587. | |||||
| CVE-2024-33860 | 1 Logpoint | 1 Siem | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | |||||
| CVE-2022-31739 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-16 | N/A | 8.8 HIGH |
| When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2024-51961 | 1 Esri | 1 Arcgis Server | 2025-04-10 | N/A | 7.5 HIGH |
| There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files accessible in this vulnerability, the impact to confidentiality is High; there is no impact to either integrity or availability. | |||||
| CVE-2022-45213 | 1 Perfsonar | 1 Perfsonar | 2025-04-10 | N/A | 5.3 MEDIUM |
| perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL. | |||||
| CVE-2024-38040 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | N/A | 7.5 HIGH |
| There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files. | |||||
| CVE-2025-25761 | 1 Hkcms | 1 Hkcms | 2025-04-09 | N/A | 7.2 HIGH |
| HkCms v2.3.2.240702 was discovered to contain an arbitrary file write vulnerability in the component Appcenter.php. | |||||
| CVE-2024-13922 | 1 Webtoffee | 1 Order Export & Order Import For Woocommerce | 2025-03-26 | N/A | 2.7 LOW |
| The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | |||||
| CVE-2024-20366 | 1 Cisco | 1 Network Services Orchestrator | 2025-03-25 | N/A | 7.8 HIGH |
| A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled search path is used to locate executable files. An attacker could exploit this vulnerability by configuring the application in a way that causes a malicious file to be executed. A successful exploit could allow the attacker to execute arbitrary code on an affected device as the root user. To exploit this vulnerability, the attacker would need valid credentials on an affected device. | |||||
| CVE-2024-2917 | 1 Campcodes | 1 House Rental Management System | 2025-02-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257983. | |||||
| CVE-2024-4818 | 1 Campcodes | 1 Online Laundry Management System | 2025-02-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263939. | |||||
| CVE-2025-21377 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 6.5 MEDIUM |
| NTLM Hash Disclosure Spoofing Vulnerability | |||||
| CVE-2024-12875 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-02-07 | N/A | 4.9 MEDIUM |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2024-27943 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | N/A | 7.2 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution. | |||||
| CVE-2024-27944 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | N/A | 7.2 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution. | |||||
| CVE-2024-27945 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-06 | N/A | 7.2 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allows a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code execution. | |||||
