Total
5151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-22952 | 1 Sugarcrm | 1 Sugarcrm | 2025-07-30 | 8.8 High |
| In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | ||||
| CVE-2022-43769 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-07-30 | 8.8 High |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | ||||
| CVE-2023-29492 | 2 3rdmill, Novisurvey | 2 Novi Survey, Novi Survey | 2025-07-30 | 9.8 Critical |
| Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. | ||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-30 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-33246 | 1 Apache | 1 Rocketmq | 2025-07-30 | 9.8 Critical |
| For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x . | ||||
| CVE-2023-32435 | 2 Apple, Redhat | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-30 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | ||||
| CVE-2023-32439 | 3 Apple, Redhat, Webkitgtk | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-30 | 8.8 High |
| A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2023-3519 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-30 | 9.8 Critical |
| Unauthenticated remote code execution | ||||
| CVE-2023-37450 | 3 Apple, Redhat, Webkitgtk | 9 Ipados, Iphone Os, Macos and 6 more | 2025-07-30 | 8.8 High |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2025-07-30 | 7.2 High |
| A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | ||||
| CVE-2023-6548 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-30 | 5.5 Medium |
| Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | ||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-30 | 7.6 High |
| Windows SmartScreen Security Feature Bypass Vulnerability | ||||
| CVE-2024-4040 | 1 Crushftp | 1 Crushftp | 2025-07-30 | 9.8 Critical |
| A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | ||||
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-07-30 | 9.8 Critical |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | ||||
| CVE-2024-56145 | 1 Craftcms | 1 Craft Cms | 2025-07-30 | 9.8 Critical |
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue. | ||||
| CVE-2025-23209 | 1 Craftcms | 1 Craft Cms | 2025-07-30 | 8.1 High |
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue. | ||||
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-07-30 | 9.8 Critical |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | ||||
| CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-07-30 | 6.7 Medium |
| Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | ||||
| CVE-2025-4428 | 1 Ivanti | 1 Endpoint Manager Mobile | 2025-07-30 | 7.2 High |
| Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | ||||
| CVE-2025-7951 | 2 Code-projects, Fabian | 2 Public Chat Room, Public Chat Room | 2025-07-29 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /send_message.php. The manipulation of the argument chat_msg/your_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||