CVE-2024-11182
|
Stored XSS vulnerability in MDaemon Email Server |
MDaemon |
Email Server |
2025-05-19 17:45:31 UTC |
CISA |
CVE-2024-27443
|
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature... |
Synacor |
Zimbra Collaboration Suite (ZCS) |
2025-05-19 17:45:24 UTC |
CISA |
CVE-2023-38950
|
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a... |
ZKTeco |
BioTime |
2025-05-19 17:45:17 UTC |
CISA |
CVE-2025-47916
|
Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the... |
invisioncommunity |
Invision Power Board |
2025-05-19 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-12124
|
A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to... |
WAVLINK |
WN530H4 |
2025-05-18 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2018-19365
|
The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically... |
Wowza |
Streaming Engine |
2025-05-18 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-47945
|
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled... |
ThinkPHP |
ThinkPHP Framework |
2025-05-18 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-15920
|
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with... |
Mida Solutions |
Mida eFramework |
2025-05-18 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-21479
|
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the... |
SAP SE |
SCIMono |
2025-05-18 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-35476
|
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written... |
OpenTSDB |
OpenTSDB |
2025-05-18 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-4050
|
JoomSport < 5.2.8 - Unauthenticated SQLi |
beardev |
JoomSport |
2025-05-17 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2020-2507
|
command injection vulnerability in Helpdesk |
QNAP Systems Inc. |
Helpdesk |
2025-05-17 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-29007
|
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows... |
Anuj Kumar |
Dairy Farm Shop Management System |
2025-05-16 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2021-20837
|
Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002... |
Six Apart Ltd. |
Movable Type |
2025-05-16 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2017-14135
|
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute... |
Dream Multimedia |
webadmin plugin |
2025-05-16 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2022-0867
|
ARPrice Lite < 3.6.1 - Unauthenticated SQLi |
reputeinfosystems |
Pricing Table Plugin |
2025-05-16 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-12987
|
DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection |
DrayTek |
Vigor2960, Vigor300B |
2025-05-15 18:00:21 UTC |
CISA |
CVE-2025-4664
|
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a... |
Google |
Chrome |
2025-05-15 11:15:14 UTC |
CyberInsider |
CVE-2024-31750
|
SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. |
n/a |
n/a |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-48307
|
JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. |
n/a |
n/a |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-28734
|
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET... |
n/a |
n/a |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-2330
|
Netentsec NS-ASG Application Security Gateway index.php sql injection |
Netentsec |
NS-ASG Application Security Gateway |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-48455
|
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327... |
Netis |
Wifi6 Router |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-57049
|
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the... |
n/a |
n/a |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |
CVE-2024-45388
|
Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) |
SpectoLabs |
hoverfly |
2025-05-15 00:00:00 UTC |
The Shadowserver (via CIRCL) |