CVE-2020-13638
|
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been... |
rConfig |
rConfig |
2025-06-02 12:00:27 UTC |
The Shadowserver (via CIRCL) |
CVE-2014-2321
|
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated... |
ZTE |
F460 & F660 |
2025-06-01 12:01:13 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-0952
|
Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update |
click5 |
Sitemap by click5 |
2025-06-01 12:01:06 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-33544
|
UDP Technology/Geutebrück camera devices: command injection leading to RCE |
Geutebrück |
E2 Series, Encoder G-Code |
2025-06-01 12:00:59 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-11991
|
When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, could be used to... |
Apache Software Foundation |
Apache Cocoon |
2025-06-01 12:00:52 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-8181
|
Flowise Authentication Bypass |
FlowiseAI |
Flowise |
2025-06-01 12:00:45 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-29153
|
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows... |
HashiCorp |
Consul & Consul Enterprise |
2025-06-01 12:00:38 UTC |
The Shadowserver (via CIRCL) |
CVE-2017-1000170
|
jqueryFileTree 2.1.5 and older Directory Traversal |
jqueryFileTree |
jqueryFileTree |
2025-06-01 12:00:31 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-31465
|
An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to... |
FSMLabs |
TimeKeeper |
2025-05-31 12:00:41 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-46574
|
An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the... |
TOTOLINK |
A3700R |
2025-05-31 12:00:34 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-41109
|
SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. |
Patton LLC |
SmartNode SN200 |
2025-05-31 12:00:27 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-34659
|
jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability in the id parameter of the /jeecg-boot/jmreport/show interface. |
JEECG |
jeecg-boot |
2025-05-31 12:00:20 UTC |
The Shadowserver (via CIRCL) |
CVE-2018-19276
|
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary... |
OpenMRS |
OpenMRS |
2025-05-30 12:00:41 UTC |
The Shadowserver (via CIRCL) |
CVE-2018-2894
|
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are... |
Oracle Corporation |
WebLogic Server |
2025-05-30 12:00:34 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-1708
|
Improper limitation of a pathname to a restricted directory (“path traversal”) |
ConnectWise |
ScreenConnect |
2025-05-30 00:00:00 UTC |
TheHackerNews |
CVE-2024-56145
|
RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms |
craftcms |
cms |
2025-05-30 00:00:00 UTC |
TrendMicro |
CVE-2024-9047
|
WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php |
nickboss |
WordPress File Upload |
2025-05-30 00:00:00 UTC |
TrendMicro |
CVE-2022-1952
|
eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload |
Syntactics, Inc. |
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC |
2025-05-29 12:00:37 UTC |
The Shadowserver (via CIRCL) |
CVE-2023-2648
|
Weaver E-Office uploadify.php unrestricted upload |
Weaver |
E-Office |
2025-05-29 12:00:30 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-29597
|
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to... |
IncomCMS |
IncomCMS |
2025-05-29 12:00:23 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-48930
|
The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an... |
TeleMessage |
service |
2025-05-28 18:40:22 UTC |
CVE |
CVE-2025-48929
|
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration... |
TeleMessage |
service |
2025-05-28 18:40:15 UTC |
CVE |
CVE-2025-48928
|
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which... |
TeleMessage |
service |
2025-05-28 17:40:38 UTC |
CVE |
CVE-2025-48927
|
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in... |
TeleMessage |
service |
2025-05-28 17:40:31 UTC |
CVE |
CVE-2025-48926
|
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone... |
TeleMessage |
service |
2025-05-28 17:40:25 UTC |
CVE |