Latest CVE Feed
- CVE-2024-20502 (7.5 HIGH)
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insu...
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
- CVE-2024-20501 (8.6 HIGH)
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
- CVE-2024-20500 (7.5 HIGH)
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vu...
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
- CVE-2024-20499 (8.6 HIGH)
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
- CVE-2024-20498 (8.6 HIGH)
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
- CVE-2022-23089 (4.7 MEDIUM)
When dumping core and saving process information, proc_getargv() might return an sbuf which has a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can...
- Affected Products: freebsd
- EPSS Score: 0.05%
- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
- CVE-2024-21728 (6.1 MEDIUM)
An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability all...
- Affected Products: osticky
- EPSS Score: 0.07%
- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
- CVE-2024-27184 (6.1 MEDIUM)
Inadequate validation of URLs could result in an invalid check whether a redirect URL is internal or not....
- Affected Products: joomla\!
- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
- CVE-2024-27185 (9.1 CRITICAL)
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors....
- Affected Products: joomla\!
- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
- CVE-2024-27186 (6.1 MEDIUM)
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions....
- Affected Products: joomla\!
- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
- CVE-2024-27187 (7.5 HIGH)
Improper Access Controls allow backend users to overwrite their username when disallowed....
- Affected Products: joomla\!
- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
- CVE-2024-40743 (6.1 MEDIUM)
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors....
- Affected Products: joomla\!
- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
- CVE-2024-40744 (9.8 CRITICAL)
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8....
- Affected Products: convert_forms
- Published: Dec. 04, 2024
- Modified: Jun. 04, 2025
- CVE-2024-40745 (5.4 MEDIUM)
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8....
- Affected Products: convert_forms
- Published: Dec. 04, 2024
- Modified: Jun. 04, 2025
- CVE-2024-40747 (6.1 MEDIUM)
Various module chromes didn't properly process inputs, leading to XSS vectors....
- Affected Products: joomla\!
- Published: Jan. 07, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Scripting
- CVE-2024-40748 (7.5 HIGH)
Lack of output escaping in the id attribute of menu lists....
- Affected Products: joomla\!
- Published: Jan. 07, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Scripting
- CVE-2024-40749 (7.5 HIGH)
Improper Access Controls allow access to protected views....
- Affected Products: joomla\!
- Published: Jan. 07, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authorization
- CVE-2025-22204 (9.8 CRITICAL)
Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability....
- Affected Products: sourcerer
- Published: Feb. 04, 2025
- Modified: Jun. 04, 2025
- CVE-2025-22205 (7.5 HIGH)
Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x....
- Affected Products: admiror_gallery
- Published: Feb. 04, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Path Traversal
- CVE-2025-22206 (4.7 MEDIUM)
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature....
- Affected Products: js_jobs
- Published: Feb. 04, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection