CVE-2024-2389 | Flowmon Unauthenticated Command Injection Vulnerability | Progress Software | Flowmon | 2025-06-27 12:00:36 UTC | The Shadowserver (via CIRCL) |
CVE-2024-22319 | IBM Operational Decision Manager JNDI injection | IBM | Operational Decision Manager | 2025-06-27 12:00:29 UTC | The Shadowserver (via CIRCL) |
CVE-2020-12720 | vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | vBulletin | vBulletin | 2025-06-26 12:00:23 UTC | The Shadowserver (via CIRCL) |
CVE-2020-24589 | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | WSO2 | API Manager | 2025-06-26 12:00:11 UTC | The Shadowserver (via CIRCL) |
CVE-2024-0769 | D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal | D-Link | DIR-859 | 2025-06-25 16:45:11 UTC | CISA |
CVE-2025-6543 | Memory overflow vulnerability leading to unintended control flow and Denial of Service | NetScaler | ADC, Gateway | 2025-06-25 16:30:33 UTC | TheHackerNews |
CVE-2025-26319 | FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. | FlowiseAI | Flowise | 2025-06-25 12:00:52 UTC | The Shadowserver (via CIRCL) |
CVE-2025-27112 | Navidrome has authentication bypass in Subsonic API with non-existent username | navidrome | navidrome | 2025-06-25 12:00:45 UTC | The Shadowserver (via CIRCL) |
CVE-2025-2777 | SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection | SysAid | SysAid On-Prem | 2025-06-25 12:00:38 UTC | The Shadowserver (via CIRCL) |
CVE-2025-26793 | The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username... | Hirsch | Enterphone MESH | 2025-06-25 12:00:31 UTC | The Shadowserver (via CIRCL) |
CVE-2025-2775 | SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection | SysAid | SysAid On-Prem | 2025-06-25 12:00:24 UTC | The Shadowserver (via CIRCL) |
CVE-2025-2776 | SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection | SysAid | SysAid On-Prem | 2025-06-25 12:00:17 UTC | The Shadowserver (via CIRCL) |
CVE-2025-2294 | Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion | extendthemes | Kubio AI Page Builder | 2025-06-25 12:00:10 UTC | The Shadowserver (via CIRCL) |
CVE-2025-52572 | Hikka vulnerable to RCE through dangling web interface | hikariatama | Hikka | 2025-06-24 21:40:19 UTC | CVE |
CVE-2024-54085 | Redfish Authentication Bypass | AMI | MegaRAC-SPx | 2025-06-24 04:40:23 UTC | CVE |
CVE-2019-6693 | Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup... | Fortinet | FortiGate | 2025-06-24 04:40:16 UTC | CVE |
CVE-2025-34037 | Linksys Routers E/WAG/WAP/WES/WET/WRT-Series | Linksys | E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1 | 2025-06-24 03:40:18 UTC | CVE |
CVE-2018-0127 | A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an... | Cisco | RV132W ADSL2+ Wireless-N VPN Router, RV134W VDSL2 Wireless-AC VPN Router | 2025-06-22 12:00:27 UTC | The Shadowserver (via CIRCL) |
CVE-2021-41293 | ECOA BAS controller - Path Traversal-3 | ECOA | ECS Router Controller ECS (FLASH), RiskBuster Terminator E6L45, RiskBuster System RB 3.0.0, RiskBuster System TRANE 1.0, Graphic Control Software, SmartHome II E9246, RiskTerminator | 2025-06-21 12:00:50 UTC | The Shadowserver (via CIRCL) |
CVE-2025-0868 | Remote Code Execution in DocsGPT | Arc53 | DocsGPT | 2025-06-21 12:00:43 UTC | The Shadowserver (via CIRCL) |
CVE-2020-11455 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | LimeSurvey | LimeSurvey | 2025-06-21 12:00:35 UTC | The Shadowserver (via CIRCL) |
CVE-2018-14912 | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a... | CGit | CGit | 2025-06-21 12:00:25 UTC | The Shadowserver (via CIRCL) |
CVE-2018-11222 | Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php... | Artica | Pandora FMS | 2025-06-21 12:00:14 UTC | The Shadowserver (via CIRCL) |
CVE-2025-4322 | Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover | StylemixThemes | Motors - Car Dealer, Rental & Listing WordPress theme | 2025-06-20 12:10:36 UTC | Wordfence |
CVE-2024-7120 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection | Raisecom | MSG1200, MSG2100E, MSG2200, MSG2300 | 2025-06-20 12:00:18 UTC | The Shadowserver (via CIRCL) |