Export limit exceeded: 17153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28752 | 3 Apache, Netapp, Redhat | 9 Cxf, Oncommand Workflow Automation, Ontap Tools and 6 more | 2025-06-27 | 9.3 Critical |
| A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. | ||||
| CVE-2024-4825 | 1 Agentejo | 1 Cockpit | 2025-06-27 | 9.8 Critical |
| A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure. | ||||
| CVE-2024-36307 | 1 Trendmicro | 1 Apex One | 2025-06-27 | 4.7 Medium |
| A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-6128 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-27 | 8.8 High |
| A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-4548 | 1 Deltaww | 1 Diaenergie | 2025-06-27 | 9.8 Critical |
| An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | ||||
| CVE-2024-4547 | 1 Deltaww | 1 Diaenergie | 2025-06-27 | 9.8 Critical |
| A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field | ||||
| CVE-2024-27439 | 1 Apache | 1 Wicket | 2025-06-27 | 6.5 Medium |
| An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. | ||||
| CVE-2024-4226 | 1 Octopus | 1 Octopus Server | 2025-06-27 | 3.5 Low |
| It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed. | ||||
| CVE-2024-24818 | 1 Espocrm | 1 Espocrm | 2025-06-27 | 5.9 Medium |
| EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2. | ||||
| CVE-2024-28640 | 1 Totolink | 4 A7000r, A7000r Firmware, X5000r and 1 more | 2025-06-27 | 7.5 High |
| Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. | ||||
| CVE-2024-2241 | 1 Devolutions | 1 Workspace | 2025-06-27 | 6.3 Medium |
| Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions | ||||
| CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2025-06-27 | 7.3 High |
| StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | ||||
| CVE-2024-1316 | 1 Liquidweb | 1 Event Tickets | 2025-06-27 | 6.5 Medium |
| The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events). | ||||
| CVE-2025-32642 | 2 Appsbd, Wordpress | 2 Vite Coupon Plugin, Wordpress | 2025-06-27 | 10 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7. | ||||
| CVE-2025-36535 | 1 Automationdirect | 1 Mb Gateway | 2025-06-27 | 10 Critical |
| The embedded web server lacks authentication and access controls, allowing unrestricted remote access. This could lead to configuration changes, operational disruption, or arbitrary code execution depending on the environment and exposed functionality. | ||||
| CVE-2025-39380 | 2 Hospital Management System, Wordpress | 2 Hospital Management System, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through 47.0(20-11-2023). | ||||
| CVE-2025-39401 | 2 Mojoomla, Wordpress | 2 Wpams Plugin, Wordpress | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | ||||
| CVE-2025-39402 | 2 Mojoomla, Wordpress | 2 Wpams Plugin, Worpress | 2025-06-27 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through 44.0 (17-08-2023). | ||||
| CVE-2025-46616 | 1 Quantum | 1 Stornext | 2025-06-27 | 9.9 Critical |
| Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution (RCE) via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage. | ||||
| CVE-2025-47641 | 1 Woocommerce | 1 Woocommerce | 2025-06-27 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8. | ||||