Total
4662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4470 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-14 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2019-10173 | 2 Oracle, Xstream | 10 Banking Platform, Business Activity Monitoring, Communications Billing And Revenue Management Elastic Charging Engine and 7 more | 2025-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285) | |||||
| CVE-2025-4022 | 1 Webarena | 1 Webarena | 2025-05-14 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2015-2079 | 1 Webmin | 1 Usermin | 2025-05-14 | N/A | 9.9 CRITICAL |
| Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open. | |||||
| CVE-2025-2673 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2022-41576 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.8 HIGH |
| The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | |||||
| CVE-2025-45857 | 2025-05-14 | N/A | 9.8 CRITICAL | ||
| EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. | |||||
| CVE-2023-43958 | 1 Kishan0725 | 1 Hospital Management System | 2025-05-14 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | |||||
| CVE-2025-0794 | 1 Esafenet | 1 Cdg | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0795 | 1 Esafenet | 1 Cdg | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | N/A | 9.8 CRITICAL |
| GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | |||||
| CVE-2025-44071 | 1 Seacms | 1 Seacms | 2025-05-13 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2024-57099 | 1 Classcms | 1 Classcms | 2025-05-13 | N/A | 9.8 CRITICAL |
| ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. | |||||
| CVE-2025-43010 | 2025-05-13 | N/A | 8.3 HIGH | ||
| SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application. | |||||
| CVE-2024-25180 | 1 Pdfmake Project | 1 Pdfmake | 2025-05-13 | N/A | 9.8 CRITICAL |
| An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | |||||
| CVE-2024-25293 | 1 Mjml | 1 Mjml App | 2025-05-13 | N/A | 9.3 CRITICAL |
| mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. | |||||
| CVE-2025-25944 | 1 Axiosys | 1 Bento4 | 2025-05-13 | N/A | 7.3 HIGH |
| Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file. | |||||
| CVE-2025-25943 | 1 Axiosys | 1 Bento4 | 2025-05-13 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. | |||||
| CVE-2025-0483 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-23376 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 2.3 LOW |
| Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. | |||||