CVE-2024-6396
|
Arbitrary File Overwrite and Data Exfiltration in aimhubio/aim |
aimhubio |
aimhubio/aim |
2025-06-27 12:01:19 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-8877
|
SQL Injection |
Riello |
Netman 204 |
2025-06-27 12:01:13 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-7954
|
SPIP porte_plume Plugin Arbitrary PHP Execution |
SPIP |
SPIP |
2025-06-27 12:01:06 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-39914
|
FOG has a command injection in /fog/management/export.php?filename= |
FOGProject |
fogproject |
2025-06-27 12:00:59 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-29895
|
Cacti command injection in cmd_realtime.php |
Cacti |
cacti |
2025-06-27 12:00:52 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-44849
|
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. |
Qualitor |
Qualitor |
2025-06-27 12:00:42 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-2389
|
Flowmon Unauthenticated Command Injection Vulnerability |
Progress Software |
Flowmon |
2025-06-27 12:00:36 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-22319
|
IBM Operational Decision Manager JDNI injection |
IBM |
Operational Decision Manager |
2025-06-27 12:00:29 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-12720
|
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. |
vBulletin |
vBulletin |
2025-06-26 12:00:23 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-24589
|
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. |
WSO2 |
API Manager |
2025-06-26 12:00:11 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-0769
|
D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal |
D-Link |
DIR-859 |
2025-06-25 16:45:11 UTC |
CISA |
CVE-2025-6543
|
Memory overflow vulnerability leading to unintended control flow and Denial of Service |
NetScaler |
ADC, Gateway |
2025-06-25 16:30:33 UTC |
TheHackerNews |
CVE-2025-26319
|
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. |
FlowiseAI |
Flowise |
2025-06-25 12:00:52 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-27112
|
Navidrome has authentication bypass in Subsonic API with non-existent username |
navidrome |
navidrome |
2025-06-25 12:00:45 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-2777
|
SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection |
SysAid |
SysAid On-Prem |
2025-06-25 12:00:38 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-26793
|
The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username... |
Hirsch |
Enterphone MESH |
2025-06-25 12:00:31 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-2775
|
SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection |
SysAid |
SysAid On-Prem |
2025-06-25 12:00:24 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-2776
|
SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection |
SysAid |
SysAid On-Prem |
2025-06-25 12:00:17 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-2294
|
Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion |
extendthemes |
Kubio AI Page Builder |
2025-06-25 12:00:10 UTC |
The Shadowserver (via CIRCL) |
CVE-2025-52572
|
Hikka vulnerable to RCE through dangling web interface |
hikariatama |
Hikka |
2025-06-24 21:40:19 UTC |
CVE |
CVE-2024-54085
|
Redfish Authentication Bypass |
AMI |
MegaRAC-SPx |
2025-06-24 04:40:23 UTC |
CVE |
CVE-2019-6693
|
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup... |
Fortinet |
FortiGate |
2025-06-24 04:40:16 UTC |
CVE |
CVE-2025-34037
|
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series |
Linksys |
E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1 |
2025-06-24 03:40:18 UTC |
CVE |
CVE-2018-0127
|
A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an... |
Cisco |
RV132W ADSL2+ Wireless-N VPN Router, RV134W VDSL2 Wireless-AC VPN Router |
2025-06-22 12:00:27 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-41293
|
ECOA BAS controller - Path Traversal-3 |
ECOA |
ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator |
2025-06-21 12:00:50 UTC |
The Shadowserver (via CIRCL) |