CVE-2025-48925 | The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the... | TeleMessage | service | 2025-05-28 17:40:18 UTC | CVE
CVE-2020-13117 | Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request. | Wavlink | WN575A4 & WN579X3 | 2025-05-28 12:00:41 UTC | The Shadowserver (via CIRCL)
CVE-2020-35713 | Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell... | Belkin | LINKSYS RE6500 | 2025-05-28 12:00:34 UTC | The Shadowserver (via CIRCL)
CVE-2023-39780 | On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist... | ASUS | RT-AX55 | 2025-05-28 00:00:00 UTC | GreyNoise
CVE-2019-18818 | strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and... | Strapi | Strapi | 2025-05-27 12:00:42 UTC | The Shadowserver (via CIRCL)
CVE-2023-47248 | PyArrow, PyArrow: Arbitrary code execution when loading a malicious data file | Apache Software Foundation | PyArrow | 2025-05-27 12:00:36 UTC | The Shadowserver (via CIRCL)
CVE-2023-51467 | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability | Apache Software Foundation | Apache OFBiz | 2025-05-27 12:00:29 UTC | The Shadowserver (via CIRCL)
CVE-2023-49070 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present | Apache Software Foundation | Apache OFBiz | 2025-05-27 12:00:21 UTC | The Shadowserver (via CIRCL)
CVE-2023-40000 | WordPress LiteSpeed Cache plugin <= 5.7 - Unauthenticated Site Wide Stored XSS vulnerability | LiteSpeed Technologies | LiteSpeed Cache | 2025-05-27 00:00:00 UTC | WPScan
CVE-2025-48827 | vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP... | vBulletin | vBulletin | 2025-05-27 00:00:00 UTC | KEVIntel
CVE-2025-48828 | Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting... | vBulletin | vBulletin | 2025-05-27 00:00:00 UTC | KEVIntel
CVE-2021-36356 | KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts... | KRAMER | VIAware | 2025-05-26 12:00:44 UTC | The Shadowserver (via CIRCL)
CVE-2023-1454 | jeecg-boot qurestSql sql injection | jeecg | jeecg-boot | 2025-05-26 12:00:37 UTC | The Shadowserver (via CIRCL)
CVE-2023-34960 | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands... | Chamilo | Chamilo | 2025-05-25 12:00:17 UTC | The Shadowserver (via CIRCL)
CVE-2021-29441 | Authentication bypass | alibaba | nacos | 2025-05-25 12:00:10 UTC | The Shadowserver (via CIRCL)
CVE-2020-17456 | SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | SEOWONINTECH CO., LTD | SLC-130 & SLR-120S | 2025-05-24 12:00:23 UTC | The Shadowserver (via CIRCL)
CVE-2025-4918 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4,... | Mozilla | Firefox, Firefox ESR, Thunderbird | 2025-05-24 12:00:16 UTC | The Shadowserver (via CIRCL)
CVE-2025-4919 | An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects... | Mozilla | Firefox, Firefox ESR, Thunderbird | 2025-05-24 12:00:10 UTC | The Shadowserver (via CIRCL)
CVE-2022-2958 | BadgeOS < 3.7.1.3 - Subscriber+ SQLi | learningtimes | BadgeOS | 2025-05-23 18:00:30 UTC | The Shadowserver (via CIRCL)
CVE-2022-0769 | Users Ultra <= 3.1.0 - Unauthenticated SQL Injection | ExpressTech Systems | Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin | 2025-05-23 18:00:22 UTC | The Shadowserver (via CIRCL)
CVE-2018-7700 | DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a... | DedeCMS | DedeCMS | 2025-05-20 12:00:58 UTC | The Shadowserver (via CIRCL)
CVE-2021-43287 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is enabled by default, leaks all secrets known to... | ThoughtWorks | GoCD | 2025-05-20 12:00:52 UTC | The Shadowserver (via CIRCL)
CVE-2021-3223 | Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | Node-RED | Node-RED Dashboard | 2025-05-20 12:00:45 UTC | The Shadowserver (via CIRCL)
CVE-2018-17246 | Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana... | Elastic | Kibana | 2025-05-20 12:00:37 UTC | The Shadowserver (via CIRCL)
CVE-2024-9264 | Grafana SQL Expressions allow for remote code execution | Grafana | Grafana | 2025-05-19 18:00:16 UTC | The Shadowserver (via CIRCL)