Total
299812 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27445 | 2025-06-17 | N/A | 5.4 MEDIUM | ||
| A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files | |||||
| CVE-2024-44906 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go. | |||||
| CVE-2024-44905 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go. | |||||
| CVE-2024-34447 | 2025-06-17 | N/A | 7.5 HIGH | ||
| An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning. | |||||
| CVE-2024-25309 | 1 Code-projects | 1 Simple School Management System | 2025-06-17 | N/A | 8.8 HIGH |
| Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php. | |||||
| CVE-2024-25201 | 1 Espruino | 1 Espruino | 2025-06-17 | N/A | 7.5 HIGH |
| Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. | |||||
| CVE-2024-23060 | 1 Totolink | 2 A3300r, A3300r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | |||||
| CVE-2024-23049 | 1 B3log | 1 Symphony | 2025-06-17 | N/A | 9.8 CRITICAL |
| An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | |||||
| CVE-2024-21821 | 1 Tp-link | 6 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 3 more | 2025-06-17 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | |||||
| CVE-2023-5879 | 1 Geniecompany | 1 Aladdin Connect | 2025-06-17 | N/A | 6.8 MEDIUM |
| Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials. | |||||
| CVE-2023-51890 | 1 Ctan | 1 Mathtex | 2025-06-17 | N/A | 7.5 HIGH |
| An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL. | |||||
| CVE-2023-50349 | 1 Hcltech | 1 Sametime | 2025-06-17 | N/A | 5.9 MEDIUM |
| Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. | |||||
| CVE-2023-47459 | 1 Knovos | 1 Discovery | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component. | |||||
| CVE-2022-48577 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 5.5 MEDIUM |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | |||||
| CVE-2022-37780 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2025-06-17 | N/A | 7.2 HIGH |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the pingAddr parameter of the tracert function. | |||||
| CVE-2022-36661 | 1 Xhyve Project | 1 Xhyve | 2025-06-17 | N/A | 6.5 MEDIUM |
| xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_read(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. | |||||
| CVE-2022-36660 | 1 Xhyve Project | 1 Xhyve | 2025-06-17 | N/A | 9.8 CRITICAL |
| xhyve commit dfbe09b was discovered to contain a stack buffer overflow via the component pci_vtrnd_notify(). | |||||
| CVE-2022-36659 | 1 Xhyve Project | 1 Xhyve | 2025-06-17 | N/A | 6.5 MEDIUM |
| xhyve commit dfbe09b was discovered to contain a NULL pointer dereference via the component vi_pci_write(). This vulnerability allows attackers to cause a Denial of Service via unspecified vectors. | |||||
| CVE-2022-36587 | 1 Tenda | 2 G3, G3 Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer overflow vulnerability caused by sprintf in function in the httpd binary. | |||||
| CVE-2022-36513 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist. | |||||