Total
299873 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47192 | 1 Trendmicro | 1 Apex One | 2025-06-17 | N/A | 7.8 HIGH |
| An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2023-47024 | 1 Ncratleos | 1 Terminal Handler | 2025-06-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types. | |||||
| CVE-2023-47022 | 1 Ncr | 1 Terminal Handler | 2025-06-17 | N/A | 6.5 MEDIUM |
| Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection. | |||||
| CVE-2023-40528 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17, watchOS 10, macOS Sonoma 14, iOS 17 and iPadOS 17, macOS Ventura 13.6.4. An app may be able to bypass Privacy preferences. | |||||
| CVE-2023-40411 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 5.5 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data. | |||||
| CVE-2023-40385 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-06-17 | N/A | 6.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. | |||||
| CVE-2023-40383 | 1 Apple | 1 Macos | 2025-06-17 | N/A | 3.3 LOW |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. | |||||
| CVE-2023-40355 | 1 Axigen | 1 Axigen Mobile Webmail | 2025-06-17 | N/A | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. | |||||
| CVE-2023-40262 | 1 Unify | 1 Openscape Voice Trace Manager V8 | 2025-06-17 | N/A | 6.1 MEDIUM |
| An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request. | |||||
| CVE-2024-34471 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 5.4 MEDIUM |
| An issue was discovered in HSC Mailinspector 5.2.17-3. A Path Traversal vulnerability (resulting in file deletion) exists in the mliRealtimeEmails.php file. The filename parameter in the export HTML functionality does not properly validate the file location, allowing an attacker to read and delete arbitrary files on the server. This was observed when the mliRealtimeEmails.php file itself was read and subsequently deleted, resulting in a 404 error for the file and disruption of email information loading. | |||||
| CVE-2024-28345 | 1 Sipwise | 1 Next Generation Communication Platform | 2025-06-17 | N/A | 5.5 MEDIUM |
| An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL. | |||||
| CVE-2024-29269 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | |||||
| CVE-2024-33820 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 7.5 HIGH |
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. | |||||
| CVE-2024-34506 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. | |||||
| CVE-2024-34507 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 7.4 HIGH |
| An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. | |||||
| CVE-2024-34510 | 1 Gradio Project | 1 Gradio | 2025-06-17 | N/A | 7.5 HIGH |
| Gradio before 4.20 allows credential leakage on Windows. | |||||
| CVE-2024-4549 | 1 Deltaww | 1 Diaenergie | 2025-06-17 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | |||||
| CVE-2024-34470 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 8.6 HIGH |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. | |||||
| CVE-2024-34472 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | |||||
| CVE-2025-46399 | 2025-06-17 | N/A | 4.7 MEDIUM | ||
| A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | |||||