CVE-2024-42922 - AAPanel OS Command Injection Vulnerability
CVE ID : CVE-2024-42922
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-42922
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-56429 - itech iLabClient Key Disclosure Vulnerability
CVE ID : CVE-2024-56429
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-56429
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44892 - Fortinet Wireless Access Point Stack Overflow Vulnerability
CVE ID : CVE-2025-44892
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44892
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44895 - D-Link FW-WGS-804HPT Stack Overflow Vulnerability
CVE ID : CVE-2025-44895
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44895
Published : May 21, 2025, 2:15 p.m. | 3 hours, 11 minutes ago
Description : FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-23337 - jq Denial of Service Integer Overflow Vulnerability
CVE ID : CVE-2024-23337
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-23337
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5029 - Kingdee Cloud Galaxy Private Cloud BBC System Path Traversal Vulnerability
CVE ID : CVE-2025-5029
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5029
Published : May 21, 2025, 3:16 p.m. | 2 hours, 11 minutes ago
Description : A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file fileUpload/deleteFileAction.jhtml of the component File Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27997 - Blizzard Battle.net Privilege Escalation Vulnerability
CVE ID : CVE-2025-27997
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27997
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27998 - Steam Client Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-27998
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27998
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48200 - TYPO3 sr_feuser_register Remote Code Execution
CVE ID : CVE-2025-48200
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48200
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48201 - "TYPO3 ns_backup Predictable Resource Location Vulnerability"
CVE ID : CVE-2025-48201
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48201
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48202 - "TYPO3 femanager Extension Insecure Direct Object Reference Vulnerability"
CVE ID : CVE-2025-48202
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48202
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48203 - TYPO3 cs_seo XSS Vulnerability
CVE ID : CVE-2025-48203
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48203
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48204 - TYPO3 ns_backup Command Injection Vulnerability
CVE ID : CVE-2025-48204
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48204
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48205 - TYPO3 sr_feuser_register Insecure Direct Object Reference
CVE ID : CVE-2025-48205
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48205
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48206 - TYPO3 ns_backup XSS Vulnerability
CVE ID : CVE-2025-48206
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48206
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48207 - TYPO3 Reint Download Manager Insecure Direct Object Reference (IDOR)
CVE ID : CVE-2025-48207
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48207
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4008 - Meteobridge Command Injection Vulnerability
CVE ID : CVE-2025-4008
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4008
Published : May 21, 2025, 4:15 p.m. | 1 hour, 11 minutes ago
Description : The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges ( root ) on affected devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5030 - Ackites KillWxapkg os Command Injection Vulnerability
CVE ID : CVE-2025-5030
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5030
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been declared as critical. This vulnerability affects the function processFile of the file internal/unpack/unpack.go of the component wxapkg File Parser. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5031 - Ackites KillWxapkg wxapkg File Decompression Handler Resource Consumption Vulnerability
CVE ID : CVE-2025-5031
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5031
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5032 - Campcodes Online Shopping Portal SQL Injection Vulnerability
CVE ID : CVE-2025-5032
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5032
Published : May 21, 2025, 5:15 p.m. | 4 hours, 11 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2102 - HYPR Passwordless Link Following Privilege Escalation Vulnerability
CVE ID : CVE-2025-2102
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2102
Published : May 21, 2025, 6:15 p.m. | 3 hours, 11 minutes ago
Description : Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR Passwordless: before 10.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...