CVE-2025-53771 | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft | Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | 2025-07-20 23:45:29 UTC | BleepingComputer
CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft | Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | 2025-07-20 10:15:32 UTC | TheHackerNews
CVE-2025-53770 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Microsoft | Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition | 2025-07-20 10:15:25 UTC | TheHackerNews
CVE-2025-32819 | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an... | SonicWall | SMA100 | 2025-07-18 22:45:44 UTC | Google Threat Intelligence
CVE-2021-20039 | Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated... | SonicWall | SonicWall SMA100 | 2025-07-18 22:45:36 UTC | Google Threat Intelligence
CVE-2025-54309 | CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote... | CrushFTP | CrushFTP | 2025-07-18 19:40:23 UTC | CVE
CVE-2025-25257 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0... | Fortinet | FortiWeb | 2025-07-17 18:00:17 UTC | The Shadowserver (via CIRCL)
CVE-2025-34130 | LILIN DVR Arbitrary File Read via net_html.cgi | Merit LILIN | DVR Firmware | 2025-07-16 22:40:27 UTC | CVE
CVE-2025-34129 | LILIN DVR RCE via Malicious FTP/NTP Configuration | Merit LILIN | DVR Firmware | 2025-07-16 22:40:20 UTC | CVE
CVE-2019-2768 | Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The... | Oracle Corporation | BI Publisher (formerly XML Publisher) | 2025-07-16 12:00:20 UTC | The Shadowserver (via CIRCL)
CVE-2025-6558 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially... | Google | Chrome | 2025-07-16 08:30:28 UTC | CyberInsider
CVE-2025-6965 | Integer Truncation on SQLite | SQLite | SQLite | 2025-07-16 08:00:25 UTC | TheHackerNews
CVE-2025-49831 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device | cyberark | conjur | 2025-07-15 21:40:25 UTC | CVE
CVE-2022-46381 | Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This... | Linear | eMerge E3-Series | 2025-07-15 12:00:44 UTC | The Shadowserver (via CIRCL)
CVE-2021-45420 | Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and... | Emerson | Dixell XWEB-500 | 2025-07-15 12:00:34 UTC | The Shadowserver (via CIRCL)
CVE-2023-32235 | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory... | Ghost | Ghost | 2025-07-15 12:00:25 UTC | The Shadowserver (via CIRCL)
CVE-2020-35580 | A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files... | SearchBlox | SearchBlox | 2025-07-15 12:00:15 UTC | The Shadowserver (via CIRCL)
CVE-2020-15227 | Remote Code Execution vulnerability | nette | application | 2025-07-12 12:00:33 UTC | The Shadowserver (via CIRCL)
CVE-2021-33690 | Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions... | SAP SE | SAP NetWeaver Development Infrastructure (Component Build Service) | 2025-07-12 12:00:26 UTC | The Shadowserver (via CIRCL)
CVE-2025-47812 | In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into... | wftpserver | Wing FTP Server | 2025-07-10 17:45:23 UTC | Huntress Blog
CVE-2020-28188 | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via... | TerraMaster | TOS | 2025-07-09 12:00:20 UTC | The Shadowserver (via CIRCL)
CVE-2023-46347 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL... | NDK Design | Step by Step products Pack | 2025-07-08 12:03:12 UTC | The Shadowserver (via CIRCL)
CVE-2024-36111 | KubePi's JWT token validation has a defect | 1Panel-dev | KubePi | 2025-07-08 12:03:05 UTC | The Shadowserver (via CIRCL)
CVE-2023-4450 | jeecgboot JimuReport Template injection | jeecgboot | JimuReport | 2025-07-08 12:02:59 UTC | The Shadowserver (via CIRCL)
CVE-2023-3710 | Printer web page invalid command execution | Honeywell, Honeywell | PM23/43, PC23/43, PD43, PM42, PX4ie/6ie, PX45/65, PD45, PX240, PX940, PM45, RP2f/RP4f | 2025-07-08 12:02:52 UTC | The Shadowserver (via CIRCL)