Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33999 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 9.8 CRITICAL |
|
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
|
|||||
| CVE-2024-33996 | 1 Moodle | 1 Moodle | 2025-05-30 | N/A | 6.2 MEDIUM |
|
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
|
|||||
| CVE-2023-30309 | 1 Dlink | 2 Di-7003g, Di-7003g Firmware | 2025-05-30 | N/A | 5.7 MEDIUM |
|
An issue discovered in D-Link DI-7003GV2 routers allows attackers to hijack TCP sessions which could lead to a denial of service.
|
|||||
| CVE-2023-26099 | 1 Telindus | 1 Apsal | 2025-05-30 | N/A | 4.4 MEDIUM |
|
An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.
|
|||||
| CVE-2022-36442 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK.
|
|||||
| CVE-2022-36441 | 1 Zebra | 1 Enterprise Home Screen | 2025-05-30 | N/A | 7.1 HIGH |
|
An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin.
|
|||||
| CVE-2022-24447 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
|
|||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 3.5 LOW | 4.3 MEDIUM |
|
An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator.
|
|||||
| CVE-2021-44035 | 1 Wolterskluwer | 1 Teammate Audit Management | 2025-05-30 | 6.8 MEDIUM | 4.4 MEDIUM |
|
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.
|
|||||
| CVE-2021-42111 | 1 Rcdevs | 1 Openotp Token | 2025-05-30 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code.
|
|||||
| CVE-2021-42110 | 1 Allegro | 1 Allegro | 2025-05-30 | 6.2 MEDIUM | 7.1 HIGH |
|
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking.
|
|||||
| CVE-2021-38618 | 1 Gfos | 1 Workforce Management | 2025-05-30 | 6.8 MEDIUM | 7.4 HIGH |
|
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
|
|||||
| CVE-2021-32017 | 1 Jump-technology | 1 Asset Management | 2025-05-30 | 4.0 MEDIUM | 9.9 CRITICAL |
|
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files.
|
|||||
| CVE-2021-31530 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
|
|||||
| CVE-2021-31160 | 1 Zohocorp | 2 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
|
|||||
| CVE-2020-8422 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2025-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).
|
|||||
| CVE-2020-28918 | 1 Deepnetsecurity | 1 Dualshield | 2025-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
|
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
|
|||||
| CVE-2020-28406 | 1 Iris | 1 Star Practice Management | 2025-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.
|
|||||
| CVE-2020-28405 | 1 Iris | 1 Star Practice Management | 2025-05-30 | 6.5 MEDIUM | 8.8 HIGH |
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application.
|
|||||
| CVE-2020-28404 | 1 Iris | 1 Star Practice Management | 2025-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges.
|
|||||
| CVE-2020-28402 | 1 Iris | 1 Star Practice Management | 2025-05-30 | 6.5 MEDIUM | 5.4 MEDIUM |
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel.
|
|||||
| CVE-2020-28401 | 1 Iris | 1 Star Practice Management | 2025-05-30 | 4.0 MEDIUM | 6.5 MEDIUM |
|
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.
|
|||||
| CVE-2020-26167 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-05-30 | 10.0 HIGH | 9.8 CRITICAL |
|
In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one.
|
|||||
| CVE-2020-15595 | 1 Zohocorp | 1 Manageengine Application Control Plus | 2025-05-30 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access.
|
|||||
| CVE-2019-7162 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2025-05-30 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.
|
|||||
| CVE-2019-6515 | 1 Wso2 | 1 Api Manager | 2025-05-30 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
|
|||||
| CVE-2023-7252 | 1 Tickera | 1 Tickera | 2025-05-30 | N/A | 5.3 MEDIUM |
|
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.
|
|||||
| CVE-2023-31728 | 1 Teltonika-networks | 2 Rut240, Rut240 Firmware | 2025-05-30 | N/A | 7.0 HIGH |
|
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.
|
|||||
| CVE-2024-23985 | 1 Ezhometech | 1 Ezserver | 2025-05-30 | N/A | 7.5 HIGH |
|
EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
|
|||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | N/A | 6.5 MEDIUM |
|
Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.
|
|||||
| CVE-2024-23770 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | N/A | 5.5 MEDIUM |
|
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
|
|||||
| CVE-2024-23730 | 1 Llamahub | 1 Llamahub | 2025-05-30 | N/A | 9.8 CRITICAL |
|
The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.
|
|||||
| CVE-2024-23348 | 1 Appleple | 1 A-blog Cms | 2025-05-30 | N/A | 8.8 HIGH |
|
Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.
|
|||||
| CVE-2024-22638 | 1 Livesite | 1 Livesite | 2025-05-30 | N/A | 9.8 CRITICAL |
|
liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php.
|
|||||
| CVE-2024-22636 | 1 Pluxml | 1 Pluxml | 2025-05-30 | N/A | 8.8 HIGH |
|
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.
|
|||||
| CVE-2024-0812 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-30 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-0742 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-30 | N/A | 4.3 MEDIUM |
|
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
|
|||||
| CVE-2023-51926 | 1 Yonyou | 1 Yonbip | 2025-05-30 | N/A | 7.5 HIGH |
|
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.
|
|||||
| CVE-2023-51892 | 1 Weaver | 1 E-cology | 2025-05-30 | N/A | 9.8 CRITICAL |
|
An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.
|
|||||
| CVE-2023-50693 | 1 Jester Project | 1 Jester | 2025-05-30 | N/A | 9.8 CRITICAL |
|
An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request.
|
|||||