Total
299377 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-32487 | 3 Debian, Greenwoodsoftware, Netapp | 6 Debian Linux, Less, Bootstrap Os and 3 more | 2025-06-17 | N/A | 8.6 HIGH |
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. | |||||
CVE-2024-3701 | 1 Tecno | 1 Hios | 2025-06-17 | N/A | 9.8 CRITICAL |
The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | |||||
CVE-2024-32085 | 1 Ait-themes | 1 Citadela Listing | 2025-06-17 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a before 5.20.0. | |||||
CVE-2024-29500 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | |||||
CVE-2024-29502 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | N/A | 6.5 MEDIUM |
An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | |||||
CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | N/A | 9.8 CRITICAL |
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | |||||
CVE-2024-26362 | 3 Enpass, Linux, Microsoft | 3 Password Manager, Linux Kernel, Windows | 2025-06-17 | N/A | 8.8 HIGH |
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | |||||
CVE-2024-29504 | 1 Summernote | 1 Summernote | 2025-06-17 | N/A | 7.6 HIGH |
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted payload to the codeview parameter. | |||||
CVE-2024-27683 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerability. | |||||
CVE-2024-29937 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-06-17 | N/A | 9.8 CRITICAL |
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | |||||
CVE-2024-3652 | 1 Libreswan | 1 Libreswan | 2025-06-17 | N/A | 6.5 MEDIUM |
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. | |||||
CVE-2024-30884 | 1 Discuz | 1 Discuzx | 2025-06-17 | N/A | 7.1 HIGH |
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | |||||
CVE-2024-29399 | 1 Gnu | 1 Savane | 2025-06-17 | N/A | 7.6 HIGH |
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. | |||||
CVE-2024-30915 | 1 Objectcomputing | 1 Opendds | 2025-06-17 | N/A | 4.3 MEDIUM |
An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. | |||||
CVE-2024-30917 | 1 Eprosima | 1 Fast Dds | 2025-06-17 | N/A | 5.5 MEDIUM |
An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component. | |||||
CVE-2023-32295 | 1 Easyappointments | 1 Easy!appointments | 2025-06-17 | N/A | 6.3 MEDIUM |
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3. | |||||
CVE-2023-29483 | 4 Dnspython, Eventlet, Fedoraproject and 1 more | 5 Dnspython, Eventlet, Fedora and 2 more | 2025-06-17 | N/A | 7.0 HIGH |
eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. | |||||
CVE-2024-25376 | 1 Thesycon | 1 Tusbaudio | 2025-06-17 | N/A | 7.8 HIGH |
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | |||||
CVE-2024-25852 | 1 Linksys | 2 Re7000, Re7000 Firmware | 2025-06-17 | N/A | 8.8 HIGH |
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. | |||||
CVE-2025-6173 | | | 2025-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this flaw but considers it a low-level issue due to admin privilege pre-requisites. Still, a fix is planned for a future release. |