| CVE-2021-46422 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any... | n/a | n/a | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-11305 | Altenergy Power Control Software status_zigbee get_status_zigbee sql injection | Altenergy | Power Control Software | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2019-11248 | Kubernetes kubelet exposes /debug/pprof info on healthz port | Kubernetes | Kubernetes | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-27199 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible | JetBrains | TeamCity | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-0305 | Guangzhou Yingke Electronic Technology Ncast Guest Login IPSetup.php information disclosure | Guangzhou Yingke Electronic Technology | Ncast | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2019-18394 | A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send... | n/a | n/a | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-9014 | OAuth2 client id and secret exposed through the web browser in pgAdmin 4 | pgadmin.org | pgAdmin 4 | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2018-11759 | The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK... | Apache Software Foundation | Apache Tomcat Connectors | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-21762 | A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0... | Fortinet | FortiProxy, FortiOS | 2025-04-24 00:00:00 UTC | CVE |
| CVE-2024-25735 | An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext passwords via a SoftAP... | n/a | n/a | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-10914 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection | D-Link | DNS-320, DNS-320LW, DNS-325, DNS-340L | 2025-04-24 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2018-10379 | An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2.... | n/a | n/a | 2025-04-23 21:33:20 UTC | The Shadowserver (via CIRCL) |
| CVE-2024-0352 | Likeshop HTTP POST Request File.php userFormImage unrestricted upload | n/a | Likeshop | 2025-04-23 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2022-39952 | A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0... | Fortinet | FortiNAC | 2025-04-23 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2023-37679 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | n/a | n/a | 2025-04-23 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2010-0219 | Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of... | n/a | n/a | 2025-04-23 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2021-21307 | Remote Code Exploit in Lucee Admin | lucee | Lucee | 2025-04-22 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2022-29383 | NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at... | n/a | n/a | 2025-04-22 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2021-21978 | VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of... | n/a | VMware View Planner | 2025-04-22 00:00:00 UTC | The Shadowserver (via CIRCL) |
| CVE-2025-31200 | A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and... | Apple | visionOS, iOS iOS and iPadOS, tvOS, macOS | 2025-04-17 00:00:00 UTC | CISA |
| CVE-2025-31201 | This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,... | Apple | visionOS, iOS iOS and iPadOS, tvOS, macOS | 2025-04-17 00:00:00 UTC | CISA |
| CVE-2025-24054 | NTLM Hash Disclosure Spoofing Vulnerability | Microsoft | Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | 2025-04-17 00:00:00 UTC | CISA |
| CVE-2021-20035 | Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands... | SonicWall | SMA100 | 2025-04-16 00:00:00 UTC | CISA |
| CVE-2025-3248 | Langflow Unauth RCE | langflow-ai | langflow | 2025-04-13 00:00:00 UTC | CVE |
| CVE-2025-3102 | SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation | brainstormforce | OttoKit: All-in-One Automation Platform (Formerly SureTriggers) | 2025-04-11 00:00:00 UTC | TheHackerNews |