CVE-2012-4867
|
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary... |
vtiger |
CRM |
2025-06-09 08:35:45 UTC |
SANS Internet Storm Center |
CVE-2020-36112
|
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in... |
Musyoka Ian |
CSE Bookstore |
2025-06-08 12:00:25 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-30168
|
MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-1 |
MERIT LILIN ENT.CO.,LTD. |
P2/Z2/P3/Z3 IP camera firmware |
2025-06-07 12:00:33 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-24260
|
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. |
Voipmonitor |
Voipmonitor GUI |
2025-06-07 12:00:22 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-27964
|
SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to... |
SonLogger |
SonLogger |
2025-06-06 12:00:43 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-25322
|
ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. |
ZEROF |
Web Server |
2025-06-06 12:00:34 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-35413
|
WAPPLES through 6.0 has a hardcoded systemi account. A threat actor could use this account to access the system configuration and confidential... |
Penta Security Systems Inc. |
WAPPLES |
2025-06-06 12:00:25 UTC |
The Shadowserver (via CIRCL) |
CVE-2018-12031
|
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory... |
Eaton |
Intelligent Power Manager |
2025-06-06 12:00:15 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-49113
|
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is... |
Roundcube |
Webmail |
2025-06-05 17:00:41 UTC |
BleepingComputer |
CVE-2024-57726
|
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive... |
SimpleHelp |
SimpleHelp |
2025-06-05 12:02:17 UTC |
Sophos News |
CVE-2024-57728
|
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a... |
SimpleHelp |
SimpleHelp |
2025-06-05 12:02:10 UTC |
Sophos News |
CVE-2019-17270
|
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the... |
Yachtcontrol |
Yachtcontrol |
2025-06-05 12:00:55 UTC |
The Shadowserver (via CIRCL) |
CVE-2017-18378
|
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through... |
NETGEAR |
ReadyNAS Surveillance |
2025-06-05 12:00:49 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-10548
|
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in... |
rConfig |
rConfig |
2025-06-05 12:00:41 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-2487
|
WAVLINK WN535K2/WN535K3 nightled.cgi os command injection |
WAVLINK |
WN535K2, WN535K3 |
2025-06-04 12:00:32 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-43711
|
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The... |
TOTOLINK |
EX200 |
2025-06-04 12:00:23 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-11238
|
Landray EKP sysUiComponent.do delPreviewFile path traversal |
Landray |
EKP |
2025-06-03 12:00:19 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-21479
|
Incorrect Authorization in Graphics |
Qualcomm, Inc. |
Snapdragon |
2025-06-03 07:45:18 UTC |
CyberInsider |
CVE-2025-27038
|
Use After Free in Graphics |
Qualcomm, Inc. |
Snapdragon |
2025-06-03 06:45:33 UTC |
CyberInsider |
CVE-2025-21480
|
Incorrect Authorization in Graphics Windows |
Qualcomm, Inc. |
Snapdragon |
2025-06-03 06:45:26 UTC |
CyberInsider |
CVE-2025-5419
|
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a... |
Google |
Chrome |
2025-06-03 04:30:40 UTC |
TheHackerNews |
CVE-2025-35939
|
Craft CMS stores user-provided content in session files |
Craft |
CMS |
2025-06-02 18:00:28 UTC |
CISA |
CVE-2025-3935
|
ScreenConnect Exposure to ASP.NET ViewState Code Injection |
ConnectWise |
ScreenConnect |
2025-06-02 18:00:21 UTC |
CISA |
CVE-2023-26256
|
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By... |
STAGIL |
STAGIL Navigation for Jira - Menu & Themes |
2025-06-02 12:00:41 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-26255
|
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By... |
STAGIL |
STAGIL Navigation for Jira - Menu & Themes |
2025-06-02 12:00:34 UTC |
The Shadowserver (via CIRCL) |