Search Results (328883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9529 | 2 Advancedcustomfields, Wpengine | 3 Advanced Custom Fields, Advanced Custom Field Pro, Advanced Custom Fields | 2025-06-11 | 6.6 Medium |
| The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions. | ||||
| CVE-2024-41588 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | 8 High |
| The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function. | ||||
| CVE-2024-41590 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | 8 High |
| Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6. | ||||
| CVE-2024-41596 | 1 Draytek | 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more | 2025-06-11 | 8 High |
| Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. | ||||
| CVE-2025-3877 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2025-06-11 | 5.4 Medium |
| This CVE was marked as fixed but, due to other code landing, was not actually fixed. It was subsequently fixed in CVE-2025-5986. | ||||
| CVE-2024-27447 | 1 Pretix | 1 Pretix | 2025-06-11 | 9.8 Critical |
| pretix before 2024.1.1 mishandles file validation. | ||||
| CVE-2011-10007 | 1 Redhat | 3 Enterprise Linux, Rhel Els, Rhel Eus | 2025-06-11 | 8.8 High |
| File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2-argument form of `open()`, allowing an attacker-controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: `$ mkdir /tmp/poc; echo > "/tmp/poc/\|id"` `$ perl -MFile::Find::Rule -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")'` `uid=1000(user) gid=1000(user) groups=1000(user),100(users)` | ||||
| CVE-2024-33752 | 1 Emlog | 1 Emlog | 2025-06-11 | 6.3 Medium |
| An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code. | ||||
| CVE-2024-33117 | 1 Crmeb | 1 Crmeb Java | 2025-06-11 | 5.3 Medium |
| crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController. | ||||
| CVE-2025-49793 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49792 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49791 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49790 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49789 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49788 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49787 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49786 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-49785 | | | 2025-06-11 | N/A |
| Not used | ||||
| CVE-2025-47102 | | | 2025-06-11 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. | ||||
| CVE-2025-47095 | | | 2025-06-11 | N/A |
| This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability. | ||||