Total: 31826 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44087 | 1 Ecisp | 1 Espcms | 2025-05-01 | N/A | 9.8 CRITICAL |
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT. | |||||
CVE-2022-43679 | 1 Owncloud | 1 Owncloud | 2025-05-01 | N/A | 4.2 MEDIUM |
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. This could be abused to spoof the URL in password-reset e-mail messages. | |||||
CVE-2022-41339 | 1 Zohocorp | 1 Manageengine Mobile Device Manager Plus | 2025-05-01 | N/A | 7.8 HIGH |
In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation. | |||||
CVE-2022-38651 | 1 Vmware | 1 Hyperic Server | 2025-05-01 | N/A | 9.8 CRITICAL |
A security filter misconfiguration exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2024-36845 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | N/A | 4.3 MEDIUM |
An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. | |||||
CVE-2024-28753 | 1 Raspap | 1 Raspap | 2025-05-01 | N/A | 6.5 MEDIUM |
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request. | |||||
CVE-2024-28754 | 1 Raspap | 1 Raspap | 2025-05-01 | N/A | 7.5 HIGH |
RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request. | |||||
CVE-2023-6444 | 1 Castos | 1 Seriously Simple Podcasting | 2025-05-01 | N/A | 5.3 MEDIUM |
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request. | |||||
CVE-2023-7247 | 1 Wp-buy | 1 Login As User Or Customer \(user Switching\) | 2025-05-01 | N/A | 4.9 MEDIUM |
The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site. | |||||
CVE-2021-44153 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or when triggering the Reread/Restart Servers function on the webserver. (Exploitation does not require CVE-2018-15573, because the license file is meant to be changed in the application.) | |||||
CVE-2022-41719 | 1 Messagepack Project | 1 Messagepack | 2025-04-30 | N/A | 7.5 HIGH |
Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. | |||||
CVE-2022-40903 | 1 Aiphone | 8 Gt-db-vn, Gt-db-vn Firmware, Gt-dmb and 5 more | 2025-04-30 | N/A | 6.5 MEDIUM |
Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 does not mitigate against repeated failed access attempts, which allows an attacker to gain administrative privileges. | |||||
CVE-2023-21358 | 1 Google | 1 Android | 2025-04-30 | N/A | 7.8 HIGH |
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2025-04-30 | N/A | 7.5 HIGH |
Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | |||||
CVE-2025-4037 | 1 Fabianros | 1 Atm Banking | 2025-04-30 | 3.2 LOW | 4.4 MEDIUM |
A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-42772 | 1 Jayesh | 1 Hotel Management System | 2025-04-30 | N/A | 7.5 HIGH |
An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in administrator section. | |||||
CVE-2024-42774 | 1 Jayesh | 1 Hotel Management System | 2025-04-30 | N/A | 7.5 HIGH |
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. | |||||
CVE-2024-42775 | 1 Jayesh | 1 Hotel Management System | 2025-04-30 | N/A | 9.1 CRITICAL |
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access. | |||||
CVE-2024-42776 | 1 Jayesh | 1 Hotel Management System | 2025-04-30 | N/A | 7.2 HIGH |
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. | |||||
CVE-2024-57519 | 1 Open5gs | 1 Open5gs | 2025-04-30 | N/A | 7.5 HIGH |
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in lib/dbi/subscription.c file. | |||||