Total
300012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48700 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | N/A | 7.2 HIGH |
| Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. | |||||
| CVE-2024-48112 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | N/A | 9.8 CRITICAL |
| A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | |||||
| CVE-2024-34402 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-06-17 | N/A | 8.6 HIGH |
| An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. | |||||
| CVE-2024-34403 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-06-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string. | |||||
| CVE-2024-23686 | 1 Owasp | 1 Dependency-check | 2025-06-17 | N/A | 5.3 MEDIUM |
| DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | |||||
| CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2025-06-17 | N/A | 6.1 MEDIUM |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | |||||
| CVE-2024-22912 | 1 Swftools | 1 Swftools | 2025-06-17 | N/A | 7.8 HIGH |
| A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | |||||
| CVE-2024-22567 | 1 Mingsoft | 1 Mcms | 2025-06-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | |||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | N/A | 9.8 CRITICAL |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-7074 | 1 Giovambattistafazioli | 1 Wp Social Bookmark Menu | 2025-06-17 | N/A | 8.8 HIGH |
| The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2023-6161 | 1 Themeum | 1 Wp Crowdfunding | 2025-06-17 | N/A | 6.1 MEDIUM |
| The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-5041 | 1 Tracktheclick | 1 Track The Click | 2025-06-17 | N/A | 8.8 HIGH |
| The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. | |||||
| CVE-2023-52032 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | |||||
| CVE-2023-51282 | 1 Mingsoft | 1 Mcms | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. | |||||
| CVE-2023-46953 | 1 Abocms | 1 Abo.cms | 2025-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | |||||
| CVE-2023-44077 | 2 Apple, Studionetworksolutions | 2 Macos, Sharebrowser | 2025-06-17 | N/A | 9.8 CRITICAL |
| Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636. | |||||
| CVE-2023-36236 | 1 Webkul | 1 Bagisto | 2025-06-17 | N/A | 4.8 MEDIUM |
| Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad. | |||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2025-06-17 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | |||||
| CVE-2023-25365 | 1 Octobercms | 1 October | 2025-06-17 | N/A | 7.8 HIGH |
| Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3 | |||||
| CVE-2023-25295 | 1 Gruen | 1 Evewa3 | 2025-06-17 | N/A | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel. | |||||