Export limit exceeded: 10054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10054 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62521 | 1 Churchcrm | 1 Churchcrm | 2025-12-18 | 10 Critical |
| ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server compromise. The vulnerability exists in `setup/routes/setup.php` where user input from the setup form is directly concatenated into a PHP configuration template without any validation or sanitization. Any parameter in the setup form can be used to inject PHP code that gets written to `Include/Config.php`, which is then executed on every page load. This is more severe than typical authenticated RCE vulnerabilities because it requires no credentials and affects the installation process that administrators must complete. Version 5.21.0 patches the issue. | ||||
| CVE-2025-68109 | 1 Churchcrm | 1 Churchcrm | 2025-12-18 | 9.1 Critical |
| ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue. | ||||
| CVE-2023-41913 | 1 Strongswan | 1 Strongswan | 2025-12-18 | 9.8 Critical |
| strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | ||||
| CVE-2021-3177 | 6 Debian, Fedoraproject, Netapp and 3 more | 12 Debian Linux, Fedora, Active Iq Unified Manager and 9 more | 2025-12-18 | 9.8 Critical |
| Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | ||||
| CVE-2025-14097 | 1 Radiometer | 5 Abl800 Basic Analyzer, Abl800 Flex Analyzer, Abl90 Flex Analyzer and 2 more | 2025-12-18 | 7.2 High |
| A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVE's are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer. Temporary work Around: If the network is not considered secure, please remove the analyzer from the network. Permanent solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication. | ||||
| CVE-2024-30052 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-12-17 | 4.7 Medium |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2024-35249 | 1 Microsoft | 3 Dynamics 365 Business Central, Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024 | 2025-12-17 | 8.8 High |
| Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | ||||
| CVE-2024-30104 | 1 Microsoft | 5 365 Apps, Office, Office 2016 and 2 more | 2025-12-17 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-30103 | 1 Microsoft | 6 365 Apps, Office, Office 2019 and 3 more | 2025-12-17 | 8.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-30102 | 1 Microsoft | 1 365 Apps | 2025-12-17 | 7.3 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-30101 | 1 Microsoft | 5 365 Apps, Office, Office 2016 and 2 more | 2025-12-17 | 7.5 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2024-30100 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2025-12-17 | 7.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2024-30097 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2025-12-17 | 8.8 High |
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | ||||
| CVE-2024-30095 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 7.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-30094 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 7.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2024-30063 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 6.7 Medium |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | ||||
| CVE-2024-30062 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-12-17 | 7.8 High |
| Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability | ||||
| CVE-2024-30080 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-12-17 | 9.8 Critical |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
| CVE-2024-30078 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-12-17 | 8.8 High |
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | ||||
| CVE-2024-30077 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2025-12-17 | 8 High |
| Windows OLE Remote Code Execution Vulnerability | ||||