Search Results (14105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34714 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-05-29 8.1 High
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35772 1 Microsoft 1 Azure Site Recovery Vmware To Azure 2025-05-29 7.2 High
Azure Site Recovery Remote Code Execution Vulnerability
CVE-2022-35767 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-05-29 8.1 High
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35766 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-05-29 8.1 High
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-35779 1 Microsoft 1 Azure Real Time Operating System Guix Studio 2025-05-29 7.8 High
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2022-35777 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2025-05-29 8.8 High
Visual Studio Remote Code Execution Vulnerability
CVE-2024-51360 1 Phpgurukul 1 Hospital Management System 2025-05-29 9.8 Critical
An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2025-3954 1 Churchcrm 1 Churchcrm 2025-05-29 3.7 Low
A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-21382 2 Google, Microsoft 2 Android, Edge Chromium 2025-05-29 4.3 Medium
Microsoft Edge for Android Information Disclosure Vulnerability
CVE-2023-37518 1 Hcltech 1 Bigfix Servicenow Data Flow 2025-05-29 6.4 Medium
HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.
CVE-2024-1063 1 Appwrite 1 Appwrite 2025-05-29 5.3 Medium
Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.
CVE-2024-21649 1 Vantage6 1 Vantage6 2025-05-29 8.8 High
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
CVE-2024-23825 1 Tablepress 1 Tablepress 2025-05-29 3 Low
TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.
CVE-2024-1117 1 Openbi 1 Openbi 2025-05-29 7.3 High
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475.
CVE-2022-41138 1 Zutty Project 1 Zutty 2025-05-29 9.8 Critical
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.
CVE-2025-46673 1 Nasa 1 Cryptolib 2025-05-29 4.9 Medium
NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS).
CVE-2022-3242 1 Microweber 1 Microweber 2025-05-29 6.1 Medium
Code Injection in GitHub repository microweber/microweber prior to 1.3.2.
CVE-2022-44581 1 Wpmudev 1 Defender 2025-05-28 5 Medium
Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2.
CVE-2024-31404 1 Cybozu 1 Garoon 2025-05-28 4.3 Medium
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
CVE-2024-29686 1 Wintercms 1 Winter 2025-05-28 7.2 High
Server-side Template Injection (SSTI) vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the owner of the server that hosts Winter CMS, or a developer working for them.