Total
4672 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3164 | 1 Tencentmusic | 1 Supersonic | 2025-04-23 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-1949 | 1 Zzcms | 1 Zzcms | 2025-04-23 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3252 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3253 | 1 Xujiangfei | 1 Admintwo | 2025-04-23 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-43660 | 1 Sixapart | 1 Movable Type | 2025-04-23 | N/A | 7.2 HIGH |
Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | |||||
CVE-2025-0618 | 2025-04-23 | N/A | 6.5 MEDIUM | ||
A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX. | |||||
CVE-2025-3842 | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-23251 | 2025-04-23 | N/A | 7.6 HIGH | ||
NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
CVE-2023-51313 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-23 | N/A | 8.8 HIGH |
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
CVE-2024-54803 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. | |||||
CVE-2025-3115 | 1 Tibco | 6 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Deployment Kit and 3 more | 2025-04-22 | N/A | 9.8 CRITICAL |
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | |||||
CVE-2022-37155 | 1 Spip | 1 Spip | 2025-04-22 | N/A | 8.8 HIGH |
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | |||||
CVE-2024-36694 | 1 Opencart | 1 Opencart | 2025-04-22 | N/A | 7.2 HIGH |
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | |||||
CVE-2024-56518 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | |||||
CVE-2024-53924 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | |||||
CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 10.0 HIGH | N/A |
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | |||||
CVE-2024-43771 | 1 Google | 1 Android | 2025-04-22 | N/A | 8.8 HIGH |
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-43770 | 1 Google | 1 Android | 2025-04-22 | N/A | 8.8 HIGH |
In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-49747 | 1 Google | 1 Android | 2025-04-22 | N/A | 9.8 CRITICAL |
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-51317 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-22 | N/A | 6.5 MEDIUM |
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. |