Total
4468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10644 | 2025-02-11 | N/A | 9.1 CRITICAL | ||
| Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2023-27650 | 1 Apusapps | 1 Launcher | 2025-02-11 | N/A | 9.8 CRITICAL |
| An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. | |||||
| CVE-2024-55241 | 2025-02-11 | N/A | 8.8 HIGH | ||
| An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component. | |||||
| CVE-2025-0464 | 1 Oretnom23 | 1 Task Reminder System | 2025-02-11 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Maintenance Section. The manipulation of the argument System Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-57609 | 2025-02-10 | N/A | 8.6 HIGH | ||
| An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive information and execute arbitrary code via the redirect_path parameter of the login redirection function. | |||||
| CVE-2025-1155 | 2025-02-10 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove this page in the long term. | |||||
| CVE-2023-1708 | 1 Gitlab | 1 Gitlab | 2025-02-10 | N/A | 5.7 MEDIUM |
| An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. | |||||
| CVE-2025-1114 | 2025-02-10 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-0800 | 1 Argie | 1 Online Courseware | 2025-02-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0961 | 2025-02-10 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1105 | 2025-02-07 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0869 | 2025-02-07 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Cianet ONU GW24AC up to 20250127. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation of the argument browserLang leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-30638 | 1 Atos | 3 Unify Openscape Bcf, Unify Openscape Branch, Unify Openscape Session Border Controller | 2025-02-07 | N/A | 7.2 HIGH |
| Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | |||||
| CVE-2019-4716 | 1 Ibm | 1 Planning Analytics | 2025-02-07 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | |||||
| CVE-2022-41223 | 1 Mitel | 1 Mivoice Connect | 2025-02-07 | N/A | 6.8 MEDIUM |
| The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | |||||
| CVE-2025-1085 | 2025-02-07 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1082 | 2025-02-06 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-1011 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 8.8 HIGH |
| A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2020-29007 | 1 Mediawiki | 1 Score | 2025-02-06 | N/A | 9.8 CRITICAL |
| The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code. | |||||
| CVE-2024-37228 | 1 Instawp | 1 Instawp Connect | 2025-02-06 | N/A | 10.0 CRITICAL |
| Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38. | |||||