Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42110 | 1 Allegro | 1 Allegro | 2025-05-30 | 6.2 MEDIUM | 7.8 HIGH |
| An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. | |||||
| CVE-2020-26167 | 1 Thedaylightstudio | 1 Fuel Cms | 2025-05-30 | 10.0 HIGH | 9.8 CRITICAL |
| In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | |||||
| CVE-2022-24446 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2025-05-30 | 3.5 LOW | 4.3 MEDIUM |
| An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the operator. | |||||
| CVE-2021-32017 | 1 Jump-technology | 1 Asset Management | 2025-05-30 | 4.0 MEDIUM | 7.7 HIGH |
| An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem structure, i.e., identifying all the directories and files. | |||||
| CVE-2023-7252 | 1 Tickera | 1 Tickera | 2025-05-30 | N/A | N/A |
| The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets. | |||||
| CVE-2023-31728 | 1 Teltonika-networks | 2 Rut240, Rut240 Firmware | 2025-05-30 | N/A | N/A |
| Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | |||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | N/A | 6.5 MEDIUM |
| Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | |||||
| CVE-2023-51892 | 1 Weaver | 1 E-cology | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | |||||
| CVE-2024-23770 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | N/A | 5.5 MEDIUM |
| darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | |||||
| CVE-2024-23730 | 1 Llamahub | 1 Llamahub | 2025-05-30 | N/A | 9.8 CRITICAL |
| The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. | |||||
| CVE-2024-22636 | 1 Pluxml | 1 Pluxml | 2025-05-30 | N/A | 8.8 HIGH |
| PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field. | |||||
| CVE-2024-23215 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-30 | N/A | 5.5 MEDIUM |
| An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data. | |||||
| CVE-2023-44001 | 1 Linecorp | 1 Line | 2025-05-30 | N/A | 5.4 MEDIUM |
| An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | |||||
| CVE-2023-51926 | 1 Yonyou | 1 Yonbip | 2025-05-30 | N/A | 7.5 HIGH |
| YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | |||||
| CVE-2024-23204 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-30 | N/A | 7.5 HIGH |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. | |||||
| CVE-2024-23348 | 1 Appleple | 1 A-blog Cms | 2025-05-30 | N/A | 8.8 HIGH |
| Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file. | |||||
| CVE-2024-0742 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2025-05-30 | N/A | 4.3 MEDIUM |
| It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||||
| CVE-2024-23203 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-30 | N/A | 7.5 HIGH |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. | |||||
| CVE-2024-0812 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-30 | N/A | 8.8 HIGH |
| Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-50693 | 1 Jester Project | 1 Jester | 2025-05-30 | N/A | 9.8 CRITICAL |
| An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. | |||||