Total
33563 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52041 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. | |||||
| CVE-2023-51906 | 1 Yonyou | 1 Yonbip | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | |||||
| CVE-2024-29862 | 1 Chirpstack | 2 Gateway Bridge, Mqtt Forwarder | 2025-06-17 | N/A | 7.5 HIGH |
| The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state. | |||||
| CVE-2024-23900 | 1 Jenkins | 1 Matrix Project | 2025-06-16 | N/A | 4.3 MEDIUM |
| Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers. | |||||
| CVE-2024-23740 | 1 Getkap | 1 Kap | 2025-06-16 | N/A | 9.8 CRITICAL |
| An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. | |||||
| CVE-2024-22076 | 1 Myq-solution | 1 Print Server | 2025-06-16 | N/A | 9.8 CRITICAL |
| MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface. | |||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2025-06-16 | N/A | 7.5 HIGH |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | |||||
| CVE-2023-35837 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges. | |||||
| CVE-2024-25679 | 1 Pquic | 1 Pquic | 2025-06-16 | N/A | 6.5 MEDIUM |
| In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation. | |||||
| CVE-2024-25450 | 1 Enlightenment | 1 Imlib2 | 2025-06-16 | N/A | 8.8 HIGH |
| imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | |||||
| CVE-2024-0811 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2023-51751 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2025-06-16 | N/A | 6.8 MEDIUM |
| ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode. | |||||
| CVE-2023-48133 | 1 Linecorp | 1 Line | 2025-06-16 | N/A | 5.4 MEDIUM |
| An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-43994 | 1 Linecorp | 1 Line | 2025-06-16 | N/A | 5.4 MEDIUM |
| An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-42941 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-16 | N/A | 4.8 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets. | |||||
| CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | N/A | 3.3 LOW |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | |||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 5.5 MEDIUM |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases. | |||||
| CVE-2024-25675 | 1 Misp | 1 Misp | 2025-06-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | |||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2023-4822 | 1 Grafana | 1 Grafana | 2025-06-16 | N/A | 6.7 MEDIUM |
| Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. | |||||