Search

Search Results (365153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-42770 1 Redlioncontrols 12 St-ipm-6350, St-ipm-6350 Firmware, St-ipm-8460 and 9 more 2025-06-11 10 Critical
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge.
CVE-2023-21416 1 Axis 2 Axis Os, Axis Os 2022 2025-06-11 7.1 High
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account however the impact is equal. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2023-21417 1 Axis 3 Axis Os, Axis Os 2020, Axis Os 2022 2025-06-11 7.1 High
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2023-21418 1 Axis 4 Axis Os, Axis Os 2018, Axis Os 2020 and 1 more 2025-06-11 7.1 High
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator service accounts and limited to non-system files compared to administrator-privileges. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2024-9529 2 Advancedcustomfields, Wpengine 3 Advanced Custom Fields, Advanced Custom Field Pro, Advanced Custom Fields 2025-06-11 6.6 Medium
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
CVE-2024-41588 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2025-06-11 8 High
The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strncpy function.
CVE-2024-41590 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2025-06-11 8 High
Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices through 4.3.2.6.
CVE-2024-41596 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2025-06-11 8 High
Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters.
CVE-2025-3877 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2025-06-11 5.4 Medium
This CVE was marked as fixed, but due to other code landing - was not actually fixed. It was subsequently fixed in CVE-2025-5986.
CVE-2024-27447 1 Pretix 1 Pretix 2025-06-11 9.8 Critical
pretix before 2024.1.1 mishandles file validation.
CVE-2024-33752 1 Emlog 1 Emlog 2025-06-11 6.3 Medium
An arbitrary file upload vulnerability exists in emlog pro 2.3.0 and pro 2.3.2 at admin/views/plugin.php that could be exploited by a remote attacker to submit a special request to upload a malicious file to execute arbitrary code.
CVE-2024-33117 1 Crmeb 1 Crmeb Java 2025-06-11 5.3 Medium
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
CVE-2025-49793 2025-06-11 N/A
Not used
CVE-2025-49792 2025-06-11 N/A
Not used
CVE-2025-49791 2025-06-11 N/A
Not used
CVE-2025-49790 2025-06-11 N/A
Not used
CVE-2025-49789 2025-06-11 N/A
Not used
CVE-2025-49788 2025-06-11 N/A
Not used
CVE-2025-49787 2025-06-11 N/A
Not used
CVE-2025-49786 2025-06-11 N/A
Not used