Total
4596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34714 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2022-35772 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-05-29 | N/A | 7.2 HIGH |
| Azure Site Recovery Remote Code Execution Vulnerability | |||||
| CVE-2022-35767 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2022-35766 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2022-35779 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-05-29 | N/A | 7.8 HIGH |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||
| CVE-2022-35777 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-05-29 | N/A | 8.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | N/A | 9.8 CRITICAL |
| An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | |||||
| CVE-2023-37518 | 1 Hcltech | 1 Bigfix Servicenow Data Flow | 2025-05-29 | N/A | 6.4 MEDIUM |
| HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | |||||
| CVE-2025-32801 | 2025-05-29 | N/A | 7.8 HIGH | ||
| Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | |||||
| CVE-2022-41138 | 1 Zutty Project | 1 Zutty | 2025-05-29 | N/A | 9.8 CRITICAL |
| In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. | |||||
| CVE-2024-48061 | 1 Langflow | 1 Langflow | 2025-05-28 | N/A | 9.8 CRITICAL |
| langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | |||||
| CVE-2025-5127 | 2025-05-28 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-28146 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-28 | N/A | 9.8 CRITICAL |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel | |||||
| CVE-2024-50704 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
| Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | |||||
| CVE-2024-50707 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | N/A | 10.0 CRITICAL |
| Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | |||||
| CVE-2025-2061 | 1 Fabianros | 1 Online Ticket Reservation System | 2025-05-28 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0961 | 1 Anisha | 1 Job Recruitment | 2025-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0348 | 1 Campcodes | 1 Deped Equipment Inventory System | 2025-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-28640 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-28 | N/A | 8.8 HIGH |
| A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability. | |||||
| CVE-2025-4745 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||