Common Vulnerabilities and Exposures (CVE)

CVE-2024-22900

Jul 5, 2026 01:17:21 UTC

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.

CVE-2024-22899

Jul 5, 2026 01:17:17 UTC

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.

CVE-2023-38950

Jul 5, 2026 01:17:13 UTC

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.

CVE-2023-36177

Jul 5, 2026 01:17:09 UTC

An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API.

CVE-2022-47879

Jul 5, 2026 01:17:04 UTC

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. NOTE: The vendor states that the vulnerability af...

CVE-2025-61524

Jul 5, 2026 01:16:59 UTC

An issue in the permission verification module and organization/application editing interface in Casdoor v2.26.0 and before, and fixed in v.2.63.0, allows remote authenticated administrators of any organization within the system to bypass t...

CVE-2025-61498

Jul 5, 2026 01:16:55 UTC

A buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01 allows attackers to cause a Denial of Service (DoS) via supplying a crafted packet.

CVE-2025-61301

Jul 5, 2026 01:16:51 UTC

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or...

CVE-2025-60898

Jul 5, 2026 01:15:48 UTC

An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addre...

CVE-2025-60838

Jul 5, 2026 01:15:43 UTC

An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file.

CVE-2025-60837

Jul 5, 2026 01:15:39 UTC

A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

CVE-2025-60805

Jul 5, 2026 01:15:35 UTC

An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.

CVE-2025-60749

Jul 5, 2026 01:15:31 UTC

DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.

CVE-2025-60735

Jul 5, 2026 01:15:27 UTC

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

CVE-2025-60731

Jul 5, 2026 01:15:23 UTC

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function