Total
4628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0945 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | |||||
| CVE-2007-5065 | 2 Joomla, Webmaster-tips | 2 Joomla, Flash Slide Show | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2009-1579 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | |||||
| CVE-2009-3511 | 1 Fh54 | 1 Justvisual | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php. | |||||
| CVE-2008-1760 | 1 Blogator-script | 1 Blogator-script | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. | |||||
| CVE-2007-0831 | 1 Atsphp | 1 Atsphp | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php | |||||
| CVE-2007-5599 | 1 Awrate | 1 Awrate | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368. | |||||
| CVE-2007-0486 | 1 Phpadsnew | 1 Phpadsnew | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions | |||||
| CVE-2009-1128 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129. | |||||
| CVE-2008-6132 | 1 Brickhost | 1 Phpscheduleit | 2025-04-09 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | |||||
| CVE-2025-26818 | 1 Netwrix | 1 Password Secure | 2025-04-08 | N/A | 9.8 CRITICAL |
| Netwrix Password Secure through 9.2 allows command injection. | |||||
| CVE-2025-3326 | 1 Iteaj | 1 Iboot | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3327 | 1 Iteaj | 1 Iboot | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30013 | 2025-04-08 | N/A | 6.7 MEDIUM | ||
| SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application. | |||||
| CVE-2025-27429 | 2025-04-08 | N/A | 9.9 CRITICAL | ||
| SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | |||||
| CVE-2025-31330 | 2025-04-08 | N/A | 9.9 CRITICAL | ||
| SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | |||||
| CVE-2025-23186 | 2025-04-08 | N/A | 8.5 HIGH | ||
| In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application. | |||||
| CVE-2025-3393 | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | |||||
| CVE-2025-3297 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-27705 | 1 Leantime | 1 Leantime | 2025-04-08 | N/A | 7.6 HIGH |
| Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. | |||||