Vulnerabilities (CVE)

Filtered by CWE-94
Total 4709 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23692 1 Rejetto 1 Http File Server 2025-06-18 N/A 9.8 CRITICAL
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
CVE-2025-32106 1 Audiocodes 6 Mp-112, Mp-112 Firmware, Mp-114 and 3 more 2025-06-18 N/A 9.8 CRITICAL
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.
CVE-2024-30845 1 Rainbow External Link Network Disk Project 1 Rainbow External Link Network Disk 2025-06-17 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters.
CVE-2023-6494 1 Wpclever 1 Wpc Smart Quick View For Woocommerce 2025-06-17 N/A 4.4 MEDIUM
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2024-29500 1 Inteset 1 Secure Lockdown 2025-06-17 N/A 9.8 CRITICAL
An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance.
CVE-2024-31819 1 Wwbn 1 Avideo 2025-06-17 N/A 9.8 CRITICAL
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.
CVE-2024-26362 3 Enpass, Linux, Microsoft 3 Password Manager, Linux Kernel, Windows 2025-06-17 N/A 8.8 HIGH
HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux allows attackers to run arbitrary HTML code via creation of crafted note.
CVE-2024-29937 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2025-06-17 N/A 9.8 CRITICAL
NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.
CVE-2024-29399 1 Gnu 1 Savane 2025-06-17 N/A 7.6 HIGH
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
CVE-2024-25376 1 Thesycon 1 Tusbaudio 2025-06-17 N/A 7.8 HIGH
An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode.
CVE-2025-6131 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5309 2025-06-17 N/A N/A
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
CVE-2025-5507 1 Totolink 2 A3002ru, A3002ru Firmware 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5506 1 Totolink 2 A3002ru, A3002ru Firmware 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5505 1 Totolink 2 A3002ru, A3002ru Firmware 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5970 1 Phpgurukul 1 Restaurant Table Booking System 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-5972 1 Phpgurukul 1 Restaurant Table Booking System 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/manage-subadmins.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-5973 1 Phpgurukul 1 Restaurant Table Booking System 2025-06-17 3.3 LOW 2.4 LOW
A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-table.php. The manipulation of the argument tableno leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5974 1 Phpgurukul 1 Restaurant Table Booking System 2025-06-17 4.0 MEDIUM 3.5 LOW
A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality of the file /check-status.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5975 1 Phpgurukul 1 Rail Pass Management System 2025-06-17 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in PHPGurukul Rail Pass Management System 1.0. This affects an unknown part of the file /rpms/download-pass.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.