Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30145 | 1 Tuzitio | 1 Camaleon Cms | 2025-01-16 | N/A | 9.8 CRITICAL |
|
Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.
|
|||||
| CVE-2025-0485 | 2025-01-15 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-33440 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | N/A | 7.2 HIGH |
|
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
|
|||||
| CVE-2024-49375 | 2025-01-14 | N/A | 9.0 CRITICAL | ||
|
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on the Rasa instance eg with `--enable-api`. This is not the default configuration. 2. For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security contro ...
Show More |
|||||
| CVE-2024-21541 | 1 Matthewmueller | 1 Dom-iterator | 2025-01-14 | N/A | 7.3 HIGH |
|
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not attacker-controlled. The risks involved are similar to that of allowing attacker-controlled input to reach eval.
|
|||||
| CVE-2025-0458 | 2025-01-14 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-34821 | 1 Siemens | 30 Simatic Cp 1242-7 V2, Simatic Cp 1242-7 V2 Firmware, Simatic Cp 1243-1 and 27 more | 2025-01-14 | 9.3 HIGH | 7.6 HIGH |
|
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), SCALANCE M874-2 (6GK5874-2AA00-2AA2), SCALANCE M874-3 (6GK5874-3AA00-2A ...
Show More |
|||||
| CVE-2024-56448 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-13 | N/A | 6.7 MEDIUM |
|
Vulnerability of improper access control in the home screen widget module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-25415 | 1 Phoenixcart | 1 Ce Phoenix Cart | 2025-01-13 | N/A | 7.2 HIGH |
|
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.
|
|||||
| CVE-2025-0398 | 2025-01-12 | 3.3 LOW | 2.4 LOW | ||
|
A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0397 | 2025-01-12 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability, which was classified as problematic, was found in reckcn SPPanAdmin 1.0. Affected is an unknown function of the file /;/admin/role/edit. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-12789 | 1 Pbootcms | 1 Pbootcms | 2025-01-10 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2024-13141 | 1 Osuuu | 1 Lightpicture | 2025-01-10 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12846 | 1 Emlog | 1 Emlog | 2025-01-10 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13140 | 1 Emlog | 1 Emlog | 2025-01-10 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12783 | 1 Angeljudesuarez | 1 Vehicle Management System | 2025-01-10 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12883 | 1 Anisha | 1 Job Recruitment | 2025-01-10 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-13137 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0228 | 1 Code-projects | 1 Local Storage Todo App | 2025-01-10 | 3.3 LOW | 2.4 LOW |
|
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-28354 | 2025-01-10 | N/A | 9.8 CRITICAL | ||
|
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM.
|
|||||
| CVE-2024-13142 | 1 Zerowdd | 1 Studentmanager | 2025-01-10 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controller/RoleController. java. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely.
|
|||||
| CVE-2024-37900 | 1 Xwiki | 1 Xwiki | 2025-01-10 | N/A | 6.4 MEDIUM |
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely ...
Show More |
|||||
| CVE-2025-22152 | 2025-01-10 | N/A | 9.1 CRITICAL | ||
|
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600.
|
|||||
| CVE-2023-27744 | 1 Southrivertech | 1 Titan Ftp Server Nextgen | 2025-01-09 | N/A | 7.8 HIGH |
|
An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.
|
|||||
| CVE-2024-31996 | 1 Xwiki | 1 Xwiki | 2025-01-09 | N/A | 10.0 CRITICAL |
|
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9 RC1. Apart from upgrading, there is no generic workaround. However, replacing `$escapetool.html` by `$escapetool.xml` in XWiki do ...
Show More |
|||||
| CVE-2023-50260 | 1 Wazuh | 1 Wazuh | 2025-01-09 | N/A | 8.8 HIGH |
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. A wrong validation in the `host_deny` script allows to write any string in the `hosts.deny` file, which can end in an arbitrary command execution on the target system. This vulnerability is part of the active response feature, which can automatically triggers actions in response to alerts. By default, active responses are limited to a set of pre defined executables. This is enforced by only allowing exe ...
Show More |
|||||
| CVE-2024-30962 | 1 Openrobotics | 1 Robot Operating System | 2025-01-09 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process
|
|||||
| CVE-2024-31465 | 1 Xwiki | 1 Xwiki | 2025-01-09 | N/A | 9.9 CRITICAL |
|
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manuall ...
Show More |
|||||
| CVE-2025-0342 | 2025-01-09 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2024-13187 | 2025-01-08 | 4.3 MEDIUM | 5.3 MEDIUM | ||
|
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-33733 | 1 Reportlab | 1 Reportlab | 2025-01-08 | N/A | 7.8 HIGH |
|
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
|
|||||
| CVE-2025-22136 | 2025-01-08 | N/A | N/A | ||
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vu ...
Show More |
|||||
| CVE-2024-8002 | 2025-01-08 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 9.12 is able to address this issue. It is recommended to upgrade the affected component.
|
|||||
| CVE-2024-12841 | 1 Emlog | 1 Emlog | 2025-01-07 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12843 | 1 Emlog | 1 Emlog | 2025-01-07 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12844 | 1 Emlog | 1 Emlog | 2025-01-07 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12845 | 1 Emlog | 1 Emlog | 2025-01-07 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-37149 | 1 Glpi-project | 1 Glpi | 2025-01-07 | N/A | 7.2 HIGH |
|
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16.
|
|||||
| CVE-2024-56278 | 2025-01-07 | N/A | 9.1 CRITICAL | ||
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through 2.9.1.
|
|||||
| CVE-2024-12471 | 2025-01-07 | N/A | 8.8 HIGH | ||
|
The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.
|
|||||