Search Results (329652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52977 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52976 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52975 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52974 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52973 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52972 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2025-52971 | | | 2025-06-24 | N/A |
| Not used | ||||
| CVE-2024-28715 | 1 Html-js | 1 Doracms | 2025-06-24 | 8.8 High |
| Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint. | ||||
| CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.6 Medium |
| A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | ||||
| CVE-2024-41714 | 1 Mitel | 3 Micollab, Mivoice Business Solution Virtual Instance, Mivoice Business Solutions Virtual Instance | 2025-06-24 | 8.8 High |
| A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. | ||||
| CVE-2024-47224 | 1 Mitel | 1 Micollab | 2025-06-24 | 6.5 Medium |
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. | ||||
| CVE-2024-31029 | 2 Keith-cullen, Keithcullen | 2 Freecoap, Freecoap | 2025-06-24 | 8.2 High |
| An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allows remote attackers to cause a Denial of Service through specially crafted packets. | ||||
| CVE-2024-40494 | 2 Keith-cullen, Keithcullen | 2 Freecoap, Freecoap | 2025-06-24 | 9.8 Critical |
| Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. | ||||
| CVE-2024-46478 | 1 Htmldoc Project | 1 Htmldoc | 2025-06-24 | 9.8 Critical |
| HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function, ps-pdf.cxx:5681. | ||||
| CVE-2024-40113 | 1 Sitecom | 2 Wlx-2006, Wlx-2006 Firmware | 2025-06-24 | 6.5 Medium |
| Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials. | ||||
| CVE-2024-40114 | 1 Sitecom | 2 Wlx-2006, Wlx-2006 Firmware | 2025-06-24 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code. | ||||
| CVE-2025-26136 | 2 Mysiteforme, Wangl1989 | 2 Mysiteforme, Mysiteforme | 2025-06-24 | 9.8 Critical |
| A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1. | ||||
| CVE-2025-26319 | 1 Flowiseai | 1 Flowise | 2025-06-24 | 9.8 Critical |
| FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. | ||||
| CVE-2025-27622 | 1 Jenkins | 1 Jenkins | 2025-06-24 | 4.3 Medium |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets. | ||||
| CVE-2025-27623 | 1 Jenkins | 1 Jenkins | 2025-06-24 | 4.3 Medium |
| Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission to view encrypted values of secrets. | ||||