Total: 4401 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3563 | 1 Wuzhicms | 1 Wuzhicms | 2025-04-29 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-13069 | 1 Rems | 1 Multi Role Login System | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-13021 | 1 Rems | 1 Road Accident Map Marker | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name/details leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
CVE-2025-3489 | 1 Nababur | 1 Simple-user-management-system | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in Nababur Simple-User-Management-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument name/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-3387 | 1 Renrenio | 1 Renren-security | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3386 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3385 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-1976 | 1 Broadcom | 1 Fabric Operating System | 2025-04-29 | N/A | 6.7 MEDIUM |
Brocade Fabric OS versions starting with 9.1.0 have root access removed; however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. | |||||
CVE-2025-4075 | | | 2025-04-29 | 5.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input "><script>alert(1)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-29064 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | |||||
CVE-2022-44262 | 1 Ff4j | 1 Ff4j | 2025-04-29 | N/A | 9.8 CRITICAL |
ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | |||||
CVE-2025-45947 | | | 2025-04-29 | N/A | 9.8 CRITICAL |
An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component. | |||||
CVE-2025-31722 | 1 Jenkins | 1 Templating Engine | 2025-04-29 | N/A | 8.8 HIGH |
In Jenkins Templating Engine Plugin 2.5.3 and earlier, libraries defined in folders are not subject to sandbox protection, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM. | |||||
CVE-2025-3776 | | | 2025-04-29 | N/A | 8.3 HIGH |
The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes it possible for unauthenticated attackers to execute any callable function on the site, such as phpinfo(). | |||||
CVE-2025-3641 | | | 2025-04-29 | N/A | 8.8 HIGH |
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. | |||||
CVE-2025-3642 | | | 2025-04-29 | N/A | 8.8 HIGH |
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. | |||||
CVE-2024-13808 | | | 2025-04-29 | N/A | 8.8 HIGH |
The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to there only being client-side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | |||||
CVE-2025-3999 | | | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4011 | | | 2025-04-29 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 addresses this issue. It is recommended to upgrade the affected component. |