Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48135 | 1 Linecorp | 1 Line | 2025-06-17 | N/A | 5.4 MEDIUM |
|
An issue in mimasaka_farm mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-48131 | 1 Linecorp | 1 Line | 2025-06-17 | N/A | 5.4 MEDIUM |
|
An issue in CHIGASAKI BAKERY mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-41603 | 1 Dlink | 2 R15, R15 Firmware | 2025-06-17 | N/A | 5.3 MEDIUM |
|
D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6.
|
|||||
| CVE-2023-33295 | 1 Cohesity | 1 Cohesity Dataplatform | 2025-06-17 | N/A | 6.5 MEDIUM |
|
Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation.
|
|||||
| CVE-2023-52032 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
|
TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function.
|
|||||
| CVE-2023-52041 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-06-17 | N/A | 9.8 CRITICAL |
|
An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program.
|
|||||
| CVE-2023-51906 | 1 Yonyou | 1 Yonbip | 2025-06-17 | N/A | 9.8 CRITICAL |
|
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.
|
|||||
| CVE-2024-29862 | 1 Chirpstack | 2 Gateway Bridge, Mqtt Forwarder | 2025-06-17 | N/A | 7.5 HIGH |
|
The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.
|
|||||
| CVE-2024-23900 | 1 Jenkins | 1 Matrix Project | 2025-06-16 | N/A | 4.3 MEDIUM |
|
Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.
|
|||||
| CVE-2024-23740 | 1 Getkap | 1 Kap | 2025-06-16 | N/A | 9.8 CRITICAL |
|
An issue in Kap for macOS version 3.6.0 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
|
|||||
| CVE-2024-22076 | 1 Myq-solution | 1 Print Server | 2025-06-16 | N/A | 9.8 CRITICAL |
|
MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.
|
|||||
| CVE-2023-49549 | 1 Cesanta | 1 Mjs | 2025-06-16 | N/A | 7.5 HIGH |
|
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the mjs.c file.
|
|||||
| CVE-2023-35837 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-06-16 | N/A | 9.8 CRITICAL |
|
An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the de ...
|
|||||
| CVE-2024-25679 | 1 Pquic | 1 Pquic | 2025-06-16 | N/A | 6.5 MEDIUM |
|
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.
|
|||||
| CVE-2024-25450 | 1 Enlightenment | 1 Imlib2 | 2025-06-16 | N/A | 8.8 HIGH |
|
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
|
|||||
| CVE-2024-0811 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
|
|||||
| CVE-2023-51751 | 2 Microsoft, Scalefusion | 2 Windows, Scalefusion | 2025-06-16 | N/A | 6.8 MEDIUM |
|
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
|
|||||
| CVE-2023-48133 | 1 Linecorp | 1 Line | 2025-06-16 | N/A | 5.4 MEDIUM |
|
An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-43994 | 1 Linecorp | 1 Line | 2025-06-16 | N/A | 5.4 MEDIUM |
|
An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2023-42941 | 1 Apple | 2 Ipados, Iphone Os | 2025-06-16 | N/A | 4.8 MEDIUM |
|
The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets.
|
|||||
| CVE-2023-42830 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-06-16 | N/A | 3.3 LOW |
|
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information.
|
|||||
| CVE-2023-42829 | 1 Apple | 1 Macos | 2025-06-16 | N/A | 5.5 MEDIUM |
|
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases.
|
|||||
| CVE-2024-25675 | 1 Misp | 1 Misp | 2025-06-16 | N/A | 9.8 CRITICAL |
|
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
|
|||||
| CVE-2023-5485 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-06-16 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-4822 | 1 Grafana | 1 Grafana | 2025-06-16 | N/A | 6.7 MEDIUM |
|
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.
It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.
This means that any Organization Admin ...
|
|||||
| CVE-2023-43989 | 1 Linecorp | 1 Line | 2025-06-16 | N/A | 5.4 MEDIUM |
|
An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
|
|||||
| CVE-2025-5428 | 1 Juzaweb | 1 Cms | 2025-06-16 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs Page. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-45561 | 1 Linecorp | 1 Line | 2025-06-13 | N/A | 5.3 MEDIUM |
|
An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
|
|||||
| CVE-2024-48900 | 1 Moodle | 1 Moodle | 2025-06-13 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
|
|||||
| CVE-2024-46213 | 1 Redaxo | 1 Redaxo | 2025-06-13 | N/A | 7.2 HIGH |
|
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.
|
|||||
| CVE-2024-31759 | 1 Publiccms | 1 Publiccms | 2025-06-12 | N/A | 8.8 HIGH |
|
An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.
|
|||||
| CVE-2025-4190 | 1 Aleapp | 1 Csv Mass Importer | 2025-06-12 | N/A | 7.2 HIGH |
|
The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup).
|
|||||
| CVE-2025-48187 | 1 Infiniflow | 1 Ragflow | 2025-06-12 | N/A | 9.1 CRITICAL |
|
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
|
|||||
| CVE-2023-39323 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2025-06-12 | N/A | 8.1 HIGH |
|
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
|
|||||
| CVE-2023-45163 | 1 1e | 1 Platform | 2025-06-12 | N/A | 9.9 CRITICAL |
|
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Plat ...
|
|||||
| CVE-2023-45161 | 1 1e | 1 Platform | 2025-06-12 | N/A | 9.9 CRITICAL |
|
The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.
To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platfo ...
|
|||||
| CVE-2023-41752 | 2 Apache, Fedoraproject | 2 Traffic Server, Fedora | 2025-06-12 | N/A | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.
Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
|
|||||
| CVE-2023-41077 | 1 Apple | 1 Macos | 2025-06-12 | N/A | 5.5 MEDIUM |
|
An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with improved checks.
|
|||||
| CVE-2023-22113 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql | 2025-06-12 | N/A | 2.7 LOW |
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/A ...
|
|||||
| CVE-2021-25736 | 2 Kubernetes, Microsoft | 2 Kubernetes, Windows | 2025-06-12 | N/A | 5.8 MEDIUM |
|
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.
|
|||||