Total: 4662 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5411 | | | 2025-06-02 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is named db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component. | |||||
CVE-2025-5407 | | | 2025-06-02 | 3.3 LOW | 2.4 LOW |
A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-21672 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-06-02 | N/A | 8.8 HIGH |
This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). | |||||
CVE-2022-1609 | 1 Weblizar | 1 School Management | 2025-06-02 | N/A | 9.8 CRITICAL |
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | |||||
CVE-2025-48390 | | | 2025-05-30 | N/A | N/A |
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. The backticks characters are not removed, as well as tabulation is not removed. When checking user input, the file_exists function is also called to check for the presence of such a file (folder) in the file system. A user with the administrator role can create a translation for the language, which will create a folder in the file system. Further in tools.php, the user can specify the path to this folder as php_path, which will lead to the execution of code in backticks. This issue has been patched in version 1.8.178. | |||||
CVE-2024-28811 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 3.3 LOW |
An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. | |||||
CVE-2025-44881 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | |||||
CVE-2021-29505 | 5 Debian, Fedoraproject, Netapp and 2 more | 17 Debian Linux, Fedora, Snapmanager and 14 more | 2025-05-30 | 6.5 MEDIUM | 7.5 HIGH |
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. | |||||
CVE-2022-34715 | 1 Microsoft | 1 Windows Server 2022 | 2025-05-29 | N/A | 9.8 CRITICAL |
Windows Network File System Remote Code Execution Vulnerability | |||||
CVE-2022-34714 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
CVE-2022-35772 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-05-29 | N/A | 7.2 HIGH |
Azure Site Recovery Remote Code Execution Vulnerability | |||||
CVE-2022-35767 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
CVE-2022-35766 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | N/A | 8.1 HIGH |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
CVE-2022-35779 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-05-29 | N/A | 7.8 HIGH |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||
CVE-2022-35777 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-05-29 | N/A | 8.8 HIGH |
Visual Studio Remote Code Execution Vulnerability | |||||
CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | |||||
CVE-2023-37518 | 1 Hcltech | 1 Bigfix Servicenow Data Flow | 2025-05-29 | N/A | 6.4 MEDIUM |
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | |||||
CVE-2025-32801 | | | 2025-05-29 | N/A | 7.8 HIGH |
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | |||||
CVE-2022-41138 | 1 Zutty Project | 1 Zutty | 2025-05-29 | N/A | 9.8 CRITICAL |
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. | |||||
CVE-2024-48061 | 1 Langflow | 1 Langflow | 2025-05-28 | N/A | 9.8 CRITICAL |
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. |