Total
298202 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6133 | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6132 | 2025-06-16 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-38824 | 2025-06-16 | N/A | 9.6 CRITICAL | ||
| Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. | |||||
| CVE-2024-38822 | 2025-06-16 | N/A | 2.7 LOW | ||
| Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. | |||||
| CVE-2024-25675 | 1 Misp | 1 Misp | 2025-06-16 | N/A | 9.8 CRITICAL |
| An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp. | |||||
| CVE-2022-23180 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-06-16 | N/A | 4.3 MEDIUM |
| The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings | |||||
| CVE-2025-5126 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5127 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2025-06-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5130 | 1 Project Team | 1 Tmall Demo | 2025-06-16 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5132 | 1 Project Team | 1 Tmall Demo | 2025-06-16 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27754 | 1 Rsjoomla | 1 Rsform\!blog | 2025-06-16 | N/A | 6.5 MEDIUM |
| A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content. | |||||
| CVE-2025-5907 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5908 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6172 | 2025-06-16 | N/A | 9.8 CRITICAL | ||
| Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation. | |||||
| CVE-2025-6131 | 2025-06-16 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6130 | 2025-06-16 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5309 | 2025-06-16 | N/A | N/A | ||
| The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. | |||||
| CVE-2025-47869 | 2025-06-16 | N/A | 9.8 CRITICAL | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to buffer overflow. Structure members buffers were updated to valid size of CONFIG_XMLRPC_STRINGSIZE+1. This issue affects Apache NuttX RTOS users that may have used or base their code on example application as presented in releases from 6.22 before 12.9.0. Users of XMLRPC in Apache NuttX RTOS are advised to review their code for this pattern and update buffer sizes as presented in the version of the example in release 12.9.0. | |||||
| CVE-2025-47868 | 2025-06-16 | N/A | 9.8 CRITICAL | ||
| Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue. | |||||
| CVE-2025-2327 | 2025-06-16 | N/A | N/A | ||
| A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured. | |||||