Search

Search Results (363163 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0760 3 3s-software, Festo, Softmotion3d 4 Codesys Runtime System, Cecx-x-c1 Modular Master Controller, Cecx-x-m1 Modular Controller and 1 more 2025-07-02 N/A
The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X-M1 Modular Controller with CoDeSys and SoftMotion provide an undocumented access method involving the FTP protocol, which could allow a remote attacker to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-6069 1 3s-software 1 Codesys Runtime System 2025-07-02 10 Critical
The CoDeSys Runtime Toolkit’s file transfer functionality does not perform input validation, which allows an attacker to access files and directories outside the intended scope. This may allow an attacker to upload and download any file on the device. This could allow the attacker to affect the availability, integrity, and confidentiality of the device.
CVE-2024-36621 1 Mobyproject 1 Moby 2025-07-02 6.5 Medium
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
CVE-2024-36622 1 Raspap 1 Raspap-webgui 2025-07-02 9.8 Critical
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
CVE-2024-36623 1 Mobyproject 1 Moby 2025-07-02 8.1 High
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.
CVE-2024-31669 1 Rizin 1 Rizin 2025-07-02 7.5 High
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide.
CVE-2024-45206 1 Veeam 2 Service Provider Console, Veeam Service Provider Console 2025-07-02 N/A
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources.
CVE-2024-45207 1 Veeam 2 Agent, Veeam Agent For Windows 2025-07-02 N/A
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services
CVE-2024-50699 1 Tp-link 2 Tl-wr845n, Tl-wr845n Firmware 2025-07-02 8 High
TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.
CVE-2024-37377 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-02 N/A
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2012-6068 1 3s-software 1 Codesys Runtime System 2025-07-02 9.8 Critical
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service.
CVE-2024-37401 1 Ivanti 2 Connect Secure, Policy Secure 2025-07-02 N/A
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-31670 1 Rizin 1 Rizin 2025-07-02 6.3 Medium
rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.
CVE-2024-8765 1 Lunary 1 Lunary 2025-07-02 N/A
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the path. As a result, attackers can obtain and modify sensitive data and utilize other organizations' resources without proper authentication.
CVE-2024-11301 1 Lunary 1 Lunary 2025-07-02 N/A
In lunary-ai/lunary before version 1.6.3, the application allows the creation of evaluators without enforcing a unique constraint on the combination of projectId and slug. This allows an attacker to overwrite existing data by submitting a POST request with the same slug as an existing evaluator. The lack of database constraints or application-layer validation to prevent duplicates exposes the application to data integrity issues. This vulnerability can result in corrupted data and potentially malicious actions, impairing the system's functionality.
CVE-2024-10762 1 Lunary 1 Lunary 2025-07-02 N/A
In lunary-ai/lunary before version 1.5.9, the /v1/evaluators/ endpoint allows users to delete evaluators of a project by sending a DELETE request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can delete evaluator data. This vulnerability allows low-privilege users to delete evaluators data, causing permanent data loss and potentially hindering operations.
CVE-2025-6152 1 Steel 1 Browser 2025-07-02 6.3 Medium
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.
CVE-2025-6167 1 Themanojdesai 1 Python A2a 2025-07-02 5.5 Medium
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-4955 1 Amauri 1 Tarteaucitron.io 2025-07-02 4.7 Medium
The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.
CVE-2025-5877 1 Fengoffice 1 Feng Office 2025-07-02 6.3 Medium
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.