Total
299754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30125 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | N/A | 6.2 MEDIUM |
| HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. | |||||
| CVE-2024-22734 | 1 Amcsgroup | 1 Trux Waste Management | 2025-06-17 | N/A | 6.2 MEDIUM |
| An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. | |||||
| CVE-2024-30850 | 1 Tiagorlampert | 1 Chaos | 2025-06-17 | N/A | 8.8 HIGH |
| An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go | |||||
| CVE-2024-22526 | 1 Bandisoft | 1 Bandiview | 2025-06-17 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. | |||||
| CVE-2024-23576 | 1 Hcltechsw | 1 Hcl Commerce | 2025-06-17 | N/A | 7.1 HIGH |
| Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | |||||
| CVE-2020-8006 | 1 Circontrol | 1 Raption Server | 2025-06-17 | N/A | 8.8 HIGH |
| The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format. | |||||
| CVE-2024-25545 | 1 Weave | 1 Weave Desktop | 2025-06-17 | N/A | 7.8 HIGH |
| An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component. | |||||
| CVE-2024-28718 | 1 Openstack | 1 Magnum | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component. | |||||
| CVE-2024-31818 | 1 Derbynet | 1 Derbynet | 2025-06-17 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in DerbyNet v.9.0 allows a remote attacker to execute arbitrary code via the page parameter of the kiosk.php component. | |||||
| CVE-2024-30845 | 1 Rainbow External Link Network Disk Project | 1 Rainbow External Link Network Disk | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | |||||
| CVE-2024-31839 | 1 Tiagorlampert | 1 Chaos | 2025-06-17 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component. | |||||
| CVE-2024-31391 | 1 Apache | 1 Solr Operator | 2025-06-17 | N/A | 6.5 MEDIUM |
| Insertion of Sensitive Information into Log File vulnerability in the Apache Solr Operator. This issue affects all versions of the Apache Solr Operator from 0.3.0 through 0.8.0. When asked to bootstrap Solr security, the operator will enable basic authentication and create several accounts for accessing Solr: including the "solr" and "admin" accounts for use by end-users, and a "k8s-oper" account which the operator uses for its own requests to Solr. One common source of these operator requests is healthchecks: liveness, readiness, and startup probes are all used to determine Solr's health and ability to receive traffic. By default, the operator configures the Solr APIs used for these probes to be exempt from authentication, but users may specifically request that authentication be required on probe endpoints as well. Whenever one of these probes would fail, if authentication was in use, the Solr Operator would create a Kubernetes "event" containing the username and password of the "k8s-oper" account. Within the affected version range, this vulnerability affects any solrcloud resource which (1) bootstrapped security through use of the `.solrOptions.security.authenticationType=basic` option, and (2) required authentication be used on probes by setting `.solrOptions.security.probesRequireAuth=true`. Users are recommended to upgrade to Solr Operator version 0.8.1, which fixes this issue by ensuring that probes no longer print the credentials used for Solr requests. Users may also mitigate the vulnerability by disabling authentication on their healthcheck probes using the setting `.solrOptions.security.probesRequireAuth=false`. | |||||
| CVE-2023-6494 | 1 Wpclever | 1 Wpc Smart Quick View For Woocommerce | 2025-06-17 | N/A | 4.4 MEDIUM |
| The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2024-32487 | 3 Debian, Greenwoodsoftware, Netapp | 6 Debian Linux, Less, Bootstrap Os and 3 more | 2025-06-17 | N/A | 8.6 HIGH |
| less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. | |||||
| CVE-2024-3701 | 1 Tecno | 1 Hios | 2025-06-17 | N/A | 9.8 CRITICAL |
| The system application (com.transsion.kolun.aiservice) component does not perform an authentication check, which allows attackers to perform malicious exploitations and affect system services. | |||||
| CVE-2024-32085 | 1 Ait-themes | 1 Citadela Listing | 2025-06-17 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0. | |||||
| CVE-2024-29500 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | |||||
| CVE-2024-29502 | 1 Inteset | 1 Secure Lockdown | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via using UNC paths. | |||||
| CVE-2024-31819 | 1 Wwbn | 1 Avideo | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component. | |||||
| CVE-2024-26362 | 3 Enpass, Linux, Microsoft | 3 Password Manager, Linux Kernel, Windows | 2025-06-17 | N/A | 8.8 HIGH |
| HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note. | |||||