Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1233 | 1 Althemist | 1 Lafka Plugin | 2025-06-24 | 4.3 Medium |
| The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_options_upload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the theme option that overrides the site. | ||||
| CVE-2025-47452 | 1 Rextheme | 1 Wp Vr | 2025-06-24 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26. | ||||
| CVE-2025-52935 | 1 Dragonflydb | 1 Dragonfly | 2025-06-24 | N/A |
| Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18. | ||||
| CVE-2025-41228 | 1 Vmware | 2 Esxi, Vcenter Server | 2025-06-24 | 4.3 Medium |
| VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites. | ||||
| CVE-2025-41227 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2025-06-24 | 5.5 Medium |
| VMware ESXi, Workstation, and Fusion contain a denial-of-service vulnerability due to certain guest options. A malicious actor with non-administrative privileges within a guest operating system may be able to exploit this issue by exhausting memory of the host process leading to a denial-of-service condition. | ||||
| CVE-2025-41226 | 1 Vmware | 1 Esxi | 2025-06-24 | 6.8 Medium |
| VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled. | ||||
| CVE-2025-41225 | 1 Vmware | 1 Vcenter Server | 2025-06-24 | 8.8 High |
| The vCenter Server contains an authenticated command-execution vulnerability. A malicious actor with privileges to create or modify alarms and run script action may exploit this issue to run arbitrary commands on the vCenter Server. | ||||
| CVE-2025-52979 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52978 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52977 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52976 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52975 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52974 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52973 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52972 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52971 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2024-28715 | 1 Html-js | 1 Doracms | 2025-06-24 | 8.8 High |
| Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. | ||||
| CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.6 Medium |
| A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | ||||
| CVE-2024-41714 | 1 Mitel | 3 Micollab, Mivoice Business Solution Virtual Instance, Mivoice Business Solutions Virtual Instance | 2025-06-24 | 8.8 High |
| A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. | ||||
| CVE-2024-47224 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.5 Medium |
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. | ||||