Total
4475 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2715 | 2025-03-27 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2709 | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2710 | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2712 | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-48818 | 2025-03-27 | N/A | 9.8 CRITICAL | ||
| An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. | |||||
| CVE-2025-2711 | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2714 | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/agent-register/addagent. The manipulation of the argument plan_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-28893 | 2025-03-27 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through 1.2.1. | |||||
| CVE-2024-41643 | 2025-03-27 | N/A | 6.8 MEDIUM | ||
| An issue in Arris NVG443B 9.3.0h3d36 allows a physically proximate attacker to execute arbitrary code via the cshell login component. | |||||
| CVE-2025-2867 | 2025-03-27 | N/A | 4.4 MEDIUM | ||
| An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. | |||||
| CVE-2025-2650 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-03-27 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /download-medical-cards.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-24525 | 1 Epoint | 1 Epointwebbuilder | 2025-03-27 | N/A | 9.8 CRITICAL |
| An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. | |||||
| CVE-2022-27537 | 1 Hp | 654 Dragonfly Folio G3 2-in-1, Dragonfly Folio G3 2-in-1 Firmware, Elite Dragonfly and 651 more | 2025-03-27 | N/A | 7.8 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities. | |||||
| CVE-2024-28893 | 2025-03-27 | N/A | 7.7 HIGH | ||
| Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). | |||||
| CVE-2022-48093 | 1 Seacms | 1 Seacms | 2025-03-27 | N/A | 7.2 HIGH |
| Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. | |||||
| CVE-2024-25350 | 1 Phpgurukul | 1 Zoo Management System | 2025-03-27 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. | |||||
| CVE-2024-25202 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-27 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. | |||||
| CVE-2022-3236 | 1 Sophos | 1 Firewall | 2025-03-27 | N/A | 9.8 CRITICAL |
| A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older. | |||||
| CVE-2024-22632 | 2025-03-26 | N/A | 9.8 CRITICAL | ||
| Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request. | |||||
| CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2025-03-26 | N/A | 8.8 HIGH |
| PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | |||||