Total
298258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-06-17 | N/A | 8.8 HIGH |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | |||||
| CVE-2024-44068 | 1 Samsung | 12 Exynos 850, Exynos 850 Firmware, Exynos 980 and 9 more | 2025-06-17 | N/A | 8.1 HIGH |
| An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-43200 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-17 | N/A | 4.8 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | |||||
| CVE-2024-46292 | 1 Trustwave | 1 Modsecurity | 2025-06-17 | N/A | 7.5 HIGH |
| A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue). | |||||
| CVE-2024-45184 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-06-17 | N/A | 6.2 MEDIUM |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service. | |||||
| CVE-2024-48700 | 1 Kliqqi | 1 Kliqqi Cms | 2025-06-17 | N/A | 7.2 HIGH |
| Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component. | |||||
| CVE-2024-48112 | 1 Thinkphp | 1 Thinkphp | 2025-06-17 | N/A | 9.8 CRITICAL |
| A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | |||||
| CVE-2024-34402 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-06-17 | N/A | 8.6 HIGH |
| An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. | |||||
| CVE-2024-34403 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-06-17 | N/A | 5.9 MEDIUM |
| An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string. | |||||
| CVE-2024-23686 | 1 Owasp | 1 Dependency-check | 2025-06-17 | N/A | 5.3 MEDIUM |
| DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | |||||
| CVE-2024-23055 | 1 Plone | 1 Plone Docker Official Image | 2025-06-17 | N/A | 6.1 MEDIUM |
| An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. | |||||
| CVE-2024-22912 | 1 Swftools | 1 Swftools | 2025-06-17 | N/A | 7.8 HIGH |
| A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | |||||
| CVE-2024-22567 | 1 Mingsoft | 1 Mcms | 2025-06-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do. | |||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | N/A | 9.8 CRITICAL |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-7074 | 1 Giovambattistafazioli | 1 Wp Social Bookmark Menu | 2025-06-17 | N/A | 8.8 HIGH |
| The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2023-6161 | 1 Themeum | 1 Wp Crowdfunding | 2025-06-17 | N/A | 6.1 MEDIUM |
| The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-5041 | 1 Tracktheclick | 1 Track The Click | 2025-06-17 | N/A | 8.8 HIGH |
| The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. | |||||
| CVE-2023-52032 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | |||||
| CVE-2023-51282 | 1 Mingsoft | 1 Mcms | 2025-06-17 | N/A | 7.5 HIGH |
| An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. | |||||
| CVE-2023-46953 | 1 Abocms | 1 Abo.cms | 2025-06-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | |||||