Total
35771 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40575 | 1 Huawei | 1 Opengauss | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes | |||||
| CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2026-06-17 | N/A | 8.8 HIGH |
| PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | |||||
| CVE-2024-40547 | 1 Publiccms | 1 Publiccms | 2026-06-17 | N/A | 6.5 MEDIUM |
| PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace. | |||||
| CVE-2024-40522 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 8.8 HIGH |
| There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. | |||||
| CVE-2024-40521 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 8.8 HIGH |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | |||||
| CVE-2024-40520 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 8.8 HIGH |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | |||||
| CVE-2024-40519 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 8.8 HIGH |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | |||||
| CVE-2024-40518 | 1 Seacms | 1 Seacms | 2026-06-17 | N/A | 8.8 HIGH |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | |||||
| CVE-2024-40407 | 1 Cybelesoft | 1 Thinfinity Workspace | 2026-06-17 | N/A | 7.5 HIGH |
| A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors. | |||||
| CVE-2024-3968 | 1 Microfocus | 1 Imanager | 2026-06-17 | N/A | 7.8 HIGH |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. | |||||
| CVE-2024-3959 | 1 Gitlab | 1 Gitlab | 2026-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user. | |||||
| CVE-2024-3927 | 1 Bdthemes | 1 Element Pack | 2026-06-17 | N/A | 5.3 MEDIUM |
| The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form. | |||||
| CVE-2024-3892 | 1 Progress | 1 Telerik Ui For Winforms | 2026-06-17 | N/A | 7.2 HIGH |
| A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. | |||||
| CVE-2024-3872 | 1 Mattermost | 1 Mattermost Mobile | 2026-06-17 | N/A | 3.1 LOW |
| Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link. | |||||
| CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2024-3846 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-3845 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-3844 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2024-3843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 4.3 MEDIUM |
| Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-3840 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2026-06-17 | N/A | 7.5 HIGH |
| Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | |||||
