Latest CVE Feed
-
8.3
HIGHCVE-2025-48881
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created... Read more
Affected Products :- Published: May. 30, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.... Read more
Affected Products : vinchin_backup_and_recovery- Published: Feb. 02, 2024
- Modified: Jun. 04, 2025
-
5.3
MEDIUMCVE-2024-22646
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.... Read more
Affected Products : seo_panel- Published: Jan. 30, 2024
- Modified: Jun. 04, 2025
-
7.2
HIGHCVE-2024-22626
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.... Read more
Affected Products : supplier_management_system- Published: Jan. 16, 2024
- Modified: Jun. 04, 2025
-
5.8
MEDIUMCVE-2024-20513
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
5.9
MEDIUMCVE-2024-20509
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2024-20502
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insu... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
8.6
HIGHCVE-2024-20501
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2024-20500
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vu... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
8.6
HIGHCVE-2024-20499
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
8.6
HIGHCVE-2024-20498
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
4.7
MEDIUMCVE-2022-23089
When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
6.1
MEDIUMCVE-2024-21728
An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla fronted integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability all... Read more
Affected Products : osticky- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
6.1
MEDIUMCVE-2024-27184
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..... Read more
Affected Products : joomla\!- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
-
9.1
CRITICALCVE-2024-27185
The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.... Read more
Affected Products : joomla\!- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
-
6.1
MEDIUMCVE-2024-27186
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.... Read more
Affected Products : joomla\!- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2024-27187
Improper Access Controls allows backend users to overwrite their username when disallowed.... Read more
Affected Products : joomla\!- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
-
6.1
MEDIUMCVE-2024-40743
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.... Read more
Affected Products : joomla\!- Published: Aug. 20, 2024
- Modified: Jun. 04, 2025
-
9.8
CRITICALCVE-2024-40744
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.... Read more
Affected Products : convert_forms- Published: Dec. 04, 2024
- Modified: Jun. 04, 2025
-
5.4
MEDIUMCVE-2024-40745
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.... Read more
Affected Products : convert_forms- Published: Dec. 04, 2024
- Modified: Jun. 04, 2025