Total
4919 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5378 | 2025-06-02 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-21672 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-06-02 | 8.8 High |
| This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). | ||||
| CVE-2022-1609 | 1 Weblizar | 1 School Management | 2025-06-02 | 9.8 Critical |
| The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | ||||
| CVE-2024-6655 | 1 Redhat | 1 Enterprise Linux | 2025-06-01 | 7 High |
| A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. | ||||
| CVE-2024-28811 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | 3.3 Low |
| An issue was discovered in Infinera hiT 7300 5.60.50. A web application allows a remote privileged attacker to execute applications contained in a specific OS directory via HTTP invocations. | ||||
| CVE-2024-0521 | 1 Paddlepaddle | 1 Paddle | 2025-05-30 | 7.8 High |
| Code Injection in paddlepaddle/paddle | ||||
| CVE-2025-44881 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2025-05-30 | 9.8 Critical |
| A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input. | ||||
| CVE-2021-29505 | 6 Debian, Fedoraproject, Netapp and 3 more | 24 Debian Linux, Fedora, Snapmanager and 21 more | 2025-05-30 | 7.5 High |
| XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17. | ||||
| CVE-2022-34715 | 1 Microsoft | 1 Windows Server 2022 | 2025-05-29 | 9.8 Critical |
| Windows Network File System Remote Code Execution Vulnerability | ||||
| CVE-2022-34714 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-35772 | 1 Microsoft | 1 Azure Site Recovery Vmware To Azure | 2025-05-29 | 7.2 High |
| Azure Site Recovery Remote Code Execution Vulnerability | ||||
| CVE-2022-35767 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-05-29 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-35766 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-05-29 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2022-35779 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-05-29 | 7.8 High |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | ||||
| CVE-2022-35777 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-05-29 | 8.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-51360 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-29 | 9.8 Critical |
| An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file | ||||
| CVE-2023-37518 | 1 Hcltech | 1 Bigfix Servicenow Data Flow | 2025-05-29 | 6.4 Medium |
| HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user. | ||||
| CVE-2024-21649 | 1 Vantage6 | 1 Vantage6 | 2025-05-29 | 8.8 High |
| The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0. | ||||
| CVE-2024-1117 | 1 Openbi | 1 Openbi | 2025-05-29 | 7.3 High |
| A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475. | ||||
| CVE-2025-32801 | 1 Redhat | 1 Enterprise Linux | 2025-05-29 | 7.8 High |
| Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | ||||