Total
33598 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7252 | 1 Tickera | 1 Tickera | 2025-05-30 | 5.3 Medium |
| The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets. | ||||
| CVE-2023-31728 | 1 Teltonika-networks | 2 Rut240, Rut240 Firmware | 2025-05-30 | 7 High |
| Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. | ||||
| CVE-2024-23985 | 1 Ezhometech | 1 Ezserver | 2025-05-30 | 7.5 High |
| EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command. | ||||
| CVE-2024-23901 | 1 Jenkins | 1 Github Branch Source | 2025-05-30 | 6.5 Medium |
| Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group. | ||||
| CVE-2024-23770 | 1 Unix4lyfe | 1 Darkhttpd | 2025-05-30 | 5.5 Medium |
| darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | ||||
| CVE-2024-23730 | 1 Llamahub | 1 Llamahub | 2025-05-30 | 9.8 Critical |
| The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. | ||||
| CVE-2024-23348 | 1 Appleple | 1 A-blog Cms | 2025-05-30 | 8.8 High |
| Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file. | ||||
| CVE-2024-22638 | 1 Livesite | 1 Livesite | 2025-05-30 | 9.8 Critical |
| liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulenrabiity via the component /livesite/edit_designer_region.php or /livesite/add_email_campaign.php. | ||||
| CVE-2024-22636 | 1 Pluxml | 1 Pluxml | 2025-05-30 | 8.8 High |
| PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field. | ||||
| CVE-2024-0812 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-30 | 8.8 High |
| Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-0742 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-05-30 | 4.3 Medium |
| It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | ||||
| CVE-2023-51926 | 1 Yonyou | 1 Yonbip | 2025-05-30 | 7.5 High |
| YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | ||||
| CVE-2023-51892 | 1 Weaver | 1 E-cology | 2025-05-30 | 9.8 Critical |
| An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. | ||||
| CVE-2023-50693 | 1 Jester Project | 1 Jester | 2025-05-30 | 9.8 Critical |
| An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request. | ||||
| CVE-2023-44001 | 1 Linecorp | 1 Line | 2025-05-30 | 5.4 Medium |
| An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43991 | 1 Linecorp | 1 Line | 2025-05-30 | 5.4 Medium |
| An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-43990 | 1 Linecorp | 1 Line | 2025-05-30 | 5.4 Medium |
| An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||||
| CVE-2023-35835 | 1 Solax | 2 Pocket Wifi 3, Pocket Wifi 3 Firmware | 2025-05-30 | 9.8 Critical |
| An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface. | ||||
| CVE-2023-31654 | 1 Redis | 1 Redisraft | 2025-05-30 | 9.8 Critical |
| Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. | ||||
| CVE-2024-0717 | 1 Dlink | 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more | 2025-05-30 | 5.3 Medium |
| A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | ||||