Total
299912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29269 | 1 Telesquare | 2 Tlr-2005ksh, Tlr-2005ksh Firmware | 2025-06-17 | N/A | 8.8 HIGH |
| An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | |||||
| CVE-2024-33820 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-06-17 | N/A | 7.5 HIGH |
| Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the overflow. | |||||
| CVE-2024-34506 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service. | |||||
| CVE-2024-34507 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2025-06-17 | N/A | 7.4 HIGH |
| An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000. | |||||
| CVE-2024-34510 | 1 Gradio Project | 1 Gradio | 2025-06-17 | N/A | 7.5 HIGH |
| Gradio before 4.20 allows credential leakage on Windows. | |||||
| CVE-2024-4549 | 1 Deltaww | 1 Diaenergie | 2025-06-17 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system. | |||||
| CVE-2024-34470 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 8.6 HIGH |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server. | |||||
| CVE-2024-34472 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | |||||
| CVE-2025-46399 | 2025-06-17 | N/A | 4.7 MEDIUM | ||
| A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function. | |||||
| CVE-2023-52426 | 1 Libexpat Project | 1 Libexpat | 2025-06-17 | N/A | 5.5 MEDIUM |
| libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | |||||
| CVE-2023-52354 | 1 Blitiri | 1 Chasquid | 2025-06-17 | N/A | 7.5 HIGH |
| chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. | |||||
| CVE-2023-52329 | 1 Trendmicro | 1 Apex Central | 2025-06-17 | N/A | 6.1 MEDIUM |
| Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52326. | |||||
| CVE-2023-52289 | 1 Sujeetkv | 1 Flaskcode | 2025-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. | |||||
| CVE-2023-52274 | 1 Yzmcms | 1 Yzmcms | 2025-06-17 | N/A | 6.1 MEDIUM |
| member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | |||||
| CVE-2023-52251 | 1 Provectus | 1 Ui | 2025-06-17 | N/A | 8.8 HIGH |
| An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages. | |||||
| CVE-2023-52239 | 1 Magicsoftware | 1 Magic Xpi Integration Platform | 2025-06-17 | N/A | 6.5 MEDIUM |
| The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport. | |||||
| CVE-2023-52099 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-17 | N/A | 7.5 HIGH |
| Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-52068 | 1 Kodcloud | 1 Kodbox | 2025-06-17 | N/A | 6.1 MEDIUM |
| kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. | |||||
| CVE-2023-52027 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | |||||
| CVE-2023-50974 | 1 Appwrite | 1 Command Line Interface | 2025-06-17 | N/A | 5.5 MEDIUM |
| In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | |||||