Total
4913 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.6 Medium |
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | ||||
CVE-2024-41714 | 1 Mitel | 3 Micollab, Mivoice Business Solution Virtual Instance, Mivoice Business Solutions Virtual Instance | 2025-06-24 | 8.8 High |
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. | ||||
CVE-2024-50658 | 1 Ipublishmedia | 1 Adportal | 2025-06-24 | 9.8 Critical |
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file | ||||
CVE-2025-23121 | 2025-06-23 | N/A | ||
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user | ||||
CVE-2025-24287 | 2025-06-23 | 6.1 Medium | ||
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions. | ||||
CVE-2025-6268 | 2025-06-23 | 4.3 Medium | ||
A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-6347 | 2025-06-23 | 2.4 Low | ||
A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6512 | 2025-06-23 | 10 Critical | ||
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights. | ||||
CVE-2025-6353 | 2025-06-23 | 3.5 Low | ||
A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-49132 | 2025-06-23 | 10 Critical | ||
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack. | ||||
CVE-2025-6509 | 2025-06-23 | 3.5 Low | ||
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
CVE-2025-3795 | 1 Daicuo | 1 Daicuo | 2025-06-23 | 2.4 Low |
A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-42733 | 1 Docmosis | 1 Tornado | 2025-06-23 | 9.8 Critical |
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input | ||||
CVE-2025-44022 | 1 Vvveb | 1 Vvveb | 2025-06-23 | 9.8 Critical |
An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. | ||||
CVE-2025-2123 | 1 Qbnz | 1 Geshi | 2025-06-23 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-40446 | 1 Ctan | 1 Mimetex | 2025-06-23 | 9.8 Critical |
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script | ||||
CVE-2024-8523 | 1 Lmxcms | 1 Lmxcms | 2025-06-23 | 4.7 Medium |
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-28386 | 1 Openc3 | 1 Cosmos | 2025-06-23 | 9.8 Critical |
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. | ||||
CVE-2025-3841 | 1 Wix | 1 Jam | 2025-06-23 | 3.3 Low |
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
CVE-2023-51820 | 1 Blurams | 2 Lumi Security Camera A31c, Lumi Security Camera A31c Firmware | 2025-06-20 | 6.8 Medium |
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to execute arbitrary code. |