| CVE-2025-25257 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0... | Fortinet | FortiWeb | 2025-07-17 18:00:17 UTC | The Shadowserver (via CIRCL) |
| CVE-2025-34130 | LILIN DVR Arbitrary File Read via net_html.cgi | Merit LILIN | DVR Firmware | 2025-07-16 22:40:27 UTC | CVE |
| CVE-2025-34129 | LILIN DVR RCE via Malicious FTP/NTP Configuration | Merit LILIN | DVR Firmware | 2025-07-16 22:40:20 UTC | CVE |
| CVE-2019-2768 | Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The... | Oracle Corporation | BI Publisher (formerly XML Publisher) | 2025-07-16 12:00:20 UTC | The Shadowserver (via CIRCL) |
| CVE-2025-6558 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially... | Google | Chrome | 2025-07-16 08:30:28 UTC | CyberInsider |
| CVE-2025-6965 | Integer Truncation on SQLite | SQLite | SQLite | 2025-07-16 08:00:25 UTC | TheHackerNews |
| CVE-2025-49831 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device | cyberark | conjur | 2025-07-15 21:40:25 UTC | CVE |
| CVE-2022-46381 | Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This... | Linear | eMerge E3-Series | 2025-07-15 12:00:44 UTC | The Shadowserver (via CIRCL) |
| CVE-2021-45420 | Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and... | Emerson | Dixell XWEB-500 | 2025-07-15 12:00:34 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-32235 | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory... | Ghost | Ghost | 2025-07-15 12:00:25 UTC | The Shadowserver (via CIRCL) |
| CVE-2020-35580 | A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files... | SearchBlox | SearchBlox | 2025-07-15 12:00:15 UTC | The Shadowserver (via CIRCL) |
| CVE-2020-15227 | Remote Code Execution vulnerability | nette | application | 2025-07-12 12:00:33 UTC | The Shadowserver (via CIRCL) |
| CVE-2021-33690 | Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions... | SAP SE | SAP NetWeaver Development Infrastructure (Component Build Service) | 2025-07-12 12:00:26 UTC | The Shadowserver (via CIRCL) |
| CVE-2025-47812 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into... | wftpserver | Wing FTP Server | 2025-07-10 17:45:23 UTC | Huntress Blog |
| CVE-2020-28188 | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via... | TerraMaster | TOS | 2025-07-09 12:00:20 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-46347 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL... | NDK Design | Step by Step products Pack | 2025-07-08 12:03:12 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-36111 | KubePi's JWT token validation has a defect | 1Panel-dev | KubePi | 2025-07-08 12:03:05 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-4450 | jeecgboot JimuReport Template injection | jeecgboot | JimuReport | 2025-07-08 12:02:59 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-3710 | Printer web page invalid command execution | Honeywell, Honeywell | PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f | 2025-07-08 12:02:52 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-26802 | An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass... | Digital China Networks | DCBI-Netlog-LAB | 2025-07-08 12:02:42 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-35885 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | CloudPanel | CloudPanel | 2025-07-08 12:02:34 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-4634 | The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including,... | dglingren | Media Library Assistant | 2025-07-08 12:02:27 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-3836 | Dahua Smart Park Management unrestricted upload | Dahua | Smart Park Management | 2025-07-08 12:02:20 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-31446 | In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This... | Cassia Networks | Cassia Gateway firmware | 2025-07-08 12:02:11 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-33831 | A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a... | FUXA | FUXA | 2025-07-08 12:02:00 UTC | The Shadowserver (via CIRCL) |