Total
131 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31491 | 2 Voltronic Power, Voltronicpower | 2 Viewpower Pro, Viewpower | 2025-08-23 | 10 Critical |
| Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence. | ||||
| CVE-2014-0758 | 1 Iconics | 1 Genesis32 | 2025-08-22 | N/A |
| An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. | ||||
| CVE-2023-49074 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-08-21 | 7.4 High |
| A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2025-5748 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A |
| WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349. | ||||
| CVE-2023-27365 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2025-08-11 | N/A |
| Foxit PDF Editor DOC File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of proper restrictions on macro-enabled documents. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19739. | ||||
| CVE-2023-27364 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-11 | N/A |
| Foxit PDF Editor XLS File Parsing Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper restrictions on macro-enabled documents. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19738. | ||||
| CVE-2023-27363 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2025-08-11 | N/A |
| Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData method. The application exposes a JavaScript interface that allows writing arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19697. | ||||
| CVE-2023-42032 | 1 Visualware | 1 Myconnection Server | 2025-08-08 | N/A |
| Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doRTAAccessUPass method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to disclose information in the context of the application. Was ZDI-CAN-21611. | ||||
| CVE-2023-44414 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-07 | N/A |
| D-Link D-View coreservice_action_script Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the coreservice_action_script action. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19573. | ||||
| CVE-2023-37330 | 2 Kofax, Tungstenautomation | 2 Power Pdf, Power Pdf | 2025-08-07 | 7.8 High |
| Kofax Power PDF exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsText method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-20230. | ||||
| CVE-2024-5298 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-06 | N/A |
| D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the queryDeviceCustomMonitorResult method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21842. | ||||
| CVE-2024-5299 | 2 D-link, Dlink | 2 D-view, D-view 8 | 2025-08-06 | N/A |
| D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828. | ||||
| CVE-2006-1547 | 2 Apache, Redhat | 3 Commons Beanutils, Struts, Rhel Application Server | 2025-07-30 | 7.5 High |
| ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | ||||
| CVE-2010-0738 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-07-30 | 5.3 Medium |
| The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | ||||
| CVE-2010-1428 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-07-30 | 7.5 High |
| The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method. | ||||
| CVE-2014-3120 | 3 Elasticsearch, Redhat, Rhel Sam | 7 Elasticsearch, Fuse Esb Enterprise, Fuse Management Console and 4 more | 2025-07-30 | 8.1 High |
| The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. | ||||
| CVE-2018-19322 | 1 Gigabyte | 4 Aorus Graphics Engine, App Center, Oc Guru Ii and 1 more | 2025-07-30 | 7.8 High |
| The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | ||||
| CVE-2025-34114 | 2025-07-29 | N/A | ||
| A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers including Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This omission weakens browser-level defenses and exposes users to cross-site scripting (XSS), clickjacking, and referer leakage. Although some instances attempt to enforce CSP via HTML <meta> tags, this method is ineffective, as modern browsers rely on header-based enforcement to reliably block inline scripts and untrusted resources. | ||||
| CVE-2025-53964 | 2025-07-17 | 9.6 Critical | ||
| GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary. | ||||
| CVE-2024-6863 | 1 H2o | 1 H2o | 2025-07-15 | N/A |
| In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacker to encrypt arbitrary files with keys of their choice, making it exceedingly difficult for the target to recover the keys needed for decryption. | ||||