Search
Search Results (338066 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21418 | 1 Axis | 4 Axis Os, Axis Os 2018, Axis Os 2020 and 1 more | 2025-06-11 | 7.1 High |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-9529 | 2 Advancedcustomfields, Wpengine | 3 Advanced Custom Fields, Advanced Custom Field Pro, Advanced Custom Fields | 2025-06-11 | 6.6 Medium |
| The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions. | ||||
| CVE-2024-41588 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | 8 High |
| The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | ||||
| CVE-2024-41590 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | 8 High |
| Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. | ||||
| CVE-2024-41596 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | 8 High |
| Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | ||||
| CVE-2025-3877 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-06-11 | 5.4 Medium |
| This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986. | ||||
| CVE-2024-27447 | 1 Pretix | 1 Pretix | 2025-06-11 | 9.8 Critical |
| pretix before 2024.1.1 mishandles file validation. | ||||
| CVE-2011-10007 | 1 Redhat | 3 Enterprise Linux, Rhel Els, Rhel Eus | 2025-06-11 | 8.8 High |
| File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \ -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users) | ||||
| CVE-2024-33752 | 1 Emlog | 1 Emlog | 2025-06-11 | 6.3 Medium |
| An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. | ||||
| CVE-2024-33117 | 1 Crmeb | 1 Crmeb Java | 2025-06-11 | 5.3 Medium |
| crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. | ||||
| CVE-2025-49793 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49792 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49791 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49790 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49789 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49788 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49787 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49786 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-49785 | 2025-06-11 | N/A | ||
| Not used | ||||
| CVE-2025-47102 | 2025-06-11 | N/A | ||
| This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. | ||||