Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39236 | 1 Gradio Project | 1 Gradio | 2025-06-27 | N/A | 9.8 CRITICAL |
|
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself.
|
|||||
| CVE-2025-6475 | 1 Razormist | 1 Student Result Management System | 2025-06-27 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6452 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-22724 | 1 Oscommerce | 1 Oscommerce | 2025-06-27 | N/A | 6.6 MEDIUM |
|
An issue was discovered in osCommerce v4, allows local attackers to bypass file upload restrictions and execute arbitrary code via administrator profile photo upload feature.
|
|||||
| CVE-2024-22274 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | N/A | 7.2 HIGH |
|
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
|
|||||
| CVE-2024-53382 | 1 Prismjs | 1 Prism | 2025-06-27 | N/A | 4.9 MEDIUM |
|
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
|
|||||
| CVE-2024-53386 | 1 Piqnt | 1 Stage.js | 2025-06-27 | N/A | 4.9 MEDIUM |
|
Stage.js through 0.8.10 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
|
|||||
| CVE-2025-3531 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-3532 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-3533 | 1 Youdiancms | 1 Youdiancms | 2025-06-27 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6285 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-26 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in PHPGurukul COVID19 Testing Management System 2021. It has been rated as problematic. This issue affects some unknown processing of the file /search-report-result.php. The manipulation of the argument q leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6287 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6288 | 1 Anujk305 | 1 Bus Pass Management System | 2025-06-26 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely.
|
|||||
| CVE-2025-3568 | 1 Webkul | 1 Krayin Crm | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor prepares a fix for the next major release and explains that he does not think therefore that this should qualify ...
Show More |
|||||
| CVE-2025-3570 | 1 Jameszbl | 1 Db-hospital-drug | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. It has been classified as problematic. This affects the function Save of the file ContentController.java. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6340 | 1 Fabian | 1 School Fees Payment System | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6301 | 1 Anujk305 | 1 Notice Board System | 2025-06-26 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Title/Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6345 | 1 Rems | 1 My Food Recipe | 2025-06-26 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6473 | 1 Fabian | 1 School Fees Payment System | 2025-06-25 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, was found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /fees.php. The manipulation of the argument transcation_remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6477 | 1 Razormist | 1 Student Result Management System | 2025-06-25 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
|
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
|
|||||
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
|
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists.
|
|||||
| CVE-2022-30194 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-24 | N/A | 7.5 HIGH |
|
Windows WebBrowser Control Remote Code Execution Vulnerability
|
|||||
| CVE-2022-30175 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-06-24 | N/A | 7.8 HIGH |
|
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2022-44794 | 1 Objectfirst | 1 Ootbi | 2025-06-24 | N/A | 8.8 HIGH |
|
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611.
|
|||||
| CVE-2024-47208 | 1 Apache | 1 Ofbiz | 2025-06-24 | N/A | 9.8 CRITICAL |
|
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue.
|
|||||
| CVE-2025-3642 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 8.8 HIGH |
|
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
|
|||||
| CVE-2025-3641 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 8.8 HIGH |
|
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
|
|||||
| CVE-2025-6126 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2025-6125 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagedes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6127 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-06-24 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search-report.php. The manipulation of the argument serachdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-26182 | 1 Xxyopen | 1 Novel-plus | 2025-06-24 | N/A | 6.5 MEDIUM |
|
An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file
|
|||||
| CVE-2025-29281 | 1 Perfree | 1 Perfreeblog | 2025-06-24 | N/A | 8.8 HIGH |
|
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.
|
|||||
| CVE-2024-13209 | 1 Redaxo | 1 Redaxo | 2025-06-24 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosu ...
Show More |
|||||
| CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | N/A | 6.6 MEDIUM |
|
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user.
|
|||||
| CVE-2024-41714 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-06-24 | N/A | 8.8 HIGH |
|
A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system.
|
|||||
| CVE-2024-50658 | 1 Ipublishmedia | 1 Adportal | 2025-06-24 | N/A | 9.8 CRITICAL |
|
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
|
|||||
| CVE-2025-24287 | 2025-06-23 | N/A | 6.1 MEDIUM | ||
|
A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
|
|||||
| CVE-2025-6268 | 2025-06-23 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6509 | 2025-06-23 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious deli ...
Show More |
|||||