Total
299840 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5431 | 1 Assamlook | 1 Assamlook Cms | 2025-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-31815 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-06-17 | N/A | 9.1 CRITICAL |
| In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh | |||||
| CVE-2024-24279 | 1 Secdiskapp | 1 Secdiskapp | 2025-06-17 | N/A | 8.8 HIGH |
| An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower functions. | |||||
| CVE-2024-21507 | 1 Sidorares | 1 Mysql2 | 2025-06-17 | N/A | 6.5 MEDIUM |
| Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key. | |||||
| CVE-2025-5689 | 2025-06-17 | N/A | 8.5 HIGH | ||
| A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. | |||||
| CVE-2025-39240 | 2025-06-17 | N/A | 7.2 HIGH | ||
| Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution. | |||||
| CVE-2025-22242 | 2025-06-17 | N/A | 5.6 MEDIUM | ||
| Worker process denial of service through file read operation. .A vulnerability exists in the Master's “pub_ret” method which is exposed to all minions. The un-sanitized input value “jid” is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system. | |||||
| CVE-2025-22241 | 2025-06-17 | N/A | 5.6 MEDIUM | ||
| File contents overwrite the VirtKey class is called when “on-demand pillar” data is requested and uses un-validated input to create paths to the “pki directory”. The functionality is used to auto-accept Minion authentication keys based on a pre-placed “authorization file” at a specific location and is present in the default configuration. | |||||
| CVE-2024-13772 | 1 Uxper | 1 Civi | 2025-06-17 | N/A | 5.6 MEDIUM |
| The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fb_ajax_login_or_register and google_ajax_login_or_register actions. This makes it possible for unauthenticated attackers to login as any user as long as they have access to the email. | |||||
| CVE-2023-52285 | 1 Lrx0014 | 1 Examsys | 2025-06-17 | N/A | 7.5 HIGH |
| ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter. | |||||
| CVE-2023-40264 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2025-06-17 | N/A | 4.3 MEDIUM |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated path traversal in the user interface. | |||||
| CVE-2023-28197 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 3.3 LOW |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | |||||
| CVE-2022-46721 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-40361 | 1 Elitecms | 1 Elite Cms | 2025-06-17 | N/A | 6.1 MEDIUM |
| Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. | |||||
| CVE-2022-32919 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-17 | N/A | 4.7 MEDIUM |
| The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. | |||||
| CVE-2021-46903 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control). | |||||
| CVE-2021-46902 | 1 Meinbergglobal | 1 Lantime Firmware | 2025-06-17 | N/A | 7.2 HIGH |
| An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls. | |||||
| CVE-2024-21509 | 1 Sidorares | 1 Mysql2 | 2025-06-17 | N/A | 6.5 MEDIUM |
| Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js. | |||||
| CVE-2025-5129 | 1 Sangfor | 1 Atrust | 2025-06-17 | 6.0 MEDIUM | 7.0 HIGH |
| A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-23734 | 1 Savignano | 1 S-notify | 2025-06-17 | N/A | 5.2 MEDIUM |
| Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link. | |||||