CVE-2023-52028 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. | TOTOlink | A3700R | 2025-07-08 12:01:51 UTC | The Shadowserver (via CIRCL)
CVE-2023-1698 | WAGO: WBM Command Injection in multiple products | WAGO | Compact Controller CC100, Edge Controller, PFC100, PFC200, Touch Panel 600 Advanced Line, Touch Panel 600 Marine Line, Touch Panel 600 Standard Line | 2025-07-08 12:01:44 UTC | The Shadowserver (via CIRCL)
CVE-2023-25135 | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers... | vBulletin | vBulletin | 2025-07-08 12:01:35 UTC | The Shadowserver (via CIRCL)
CVE-2023-34133 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an... | SonicWall | GMS, Analytics | 2025-07-08 12:01:28 UTC | The Shadowserver (via CIRCL)
CVE-2023-29919 | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not... | n/a | SolarView Compact | 2025-07-08 12:01:18 UTC | The Shadowserver (via CIRCL)
CVE-2023-23333 | There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions... | SolarView | Compact | 2025-07-08 12:01:10 UTC | The Shadowserver (via CIRCL)
CVE-2023-30625 | rudder-server vulnerable to SQL Injection | rudderlabs | rudder-server | 2025-07-08 12:01:03 UTC | The Shadowserver (via CIRCL)
CVE-2022-36509 | H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | H3C | GR3200 | 2025-07-08 12:00:53 UTC | The Shadowserver (via CIRCL)
CVE-2023-28343 | OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone... | Altenergy | Power Control Software | 2025-07-08 12:00:42 UTC | The Shadowserver (via CIRCL)
CVE-2023-1177 | Path Traversal: '\..\filename' in mlflow/mlflow | mlflow | mlflow/mlflow | 2025-07-08 12:00:35 UTC | The Shadowserver (via CIRCL)
CVE-2023-22478 | KubePi is vulnerable to missing authorization | KubeOperator | KubePi | 2025-07-08 12:00:28 UTC | The Shadowserver (via CIRCL)
CVE-2014-3931 | fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allows remote attackers to cause an arbitrary memory write and memory corruption. | n/a | Multi-Router Looking Glass | 2025-07-07 17:45:39 UTC | CISA
CVE-2016-10033 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command... | PHPMailer | PHPMailer | 2025-07-07 17:45:30 UTC | CISA
CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted... | Rails | https://github.com/rails/rails | 2025-07-07 17:45:23 UTC | CISA
CVE-2019-9621 | Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows... | Zimbra | Collaboration Suite | 2025-07-07 17:45:14 UTC | CISA
CVE-2021-24442 | Poll, Survey, Questionnaire and Voting system < 1.5.3 - Unauthenticated Blind SQL Injection | wpdevart | Poll, Survey, Questionnaire and Voting system | 2025-07-07 12:01:33 UTC | The Shadowserver (via CIRCL)
CVE-2022-22897 | A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for... | ApolloTheme | AP PageBuilder for PrestaShop | 2025-07-07 12:01:23 UTC | The Shadowserver (via CIRCL)
CVE-2022-2488 | WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection | WAVLINK | WN535K2, WN535K3 | 2025-07-07 12:01:16 UTC | The Shadowserver (via CIRCL)
CVE-2020-35235 | vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access... | WordPress | secure-file-manager plugin | 2025-07-07 12:01:04 UTC | The Shadowserver (via CIRCL)
CVE-2022-25487 | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | thedigicraft | Atom CMS | 2025-07-07 12:00:53 UTC | The Shadowserver (via CIRCL)
CVE-2018-1335 | From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the... | Apache Software Foundation | Apache Tika | 2025-07-06 12:00:53 UTC | The Shadowserver (via CIRCL)
CVE-2019-15642 | rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval... | Webmin | Webmin | 2025-07-06 12:00:44 UTC | The Shadowserver (via CIRCL)
CVE-2017-6090 | Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute... | PhpCollab | PhpCollab | 2025-07-06 12:00:35 UTC | The Shadowserver (via CIRCL)
CVE-2018-1000130 | A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on... | Jolokia | Jolokia agent | 2025-07-06 12:00:25 UTC | The Shadowserver (via CIRCL)
CVE-2025-5777 | NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread | NetScaler | ADC, Gateway | 2025-07-04 12:00:14 UTC | The Shadowserver (via CIRCL)