Total
4910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6477 | 1 Razormist | 1 Student Result Management System | 2025-06-25 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-47032 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
| Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function. | |||||
| CVE-2023-47030 | 1 Ncr | 1 Terminal Handler | 2025-06-25 | N/A | 9.8 CRITICAL |
| An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists. | |||||
| CVE-2022-30194 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-24 | N/A | 7.5 HIGH |
| Windows WebBrowser Control Remote Code Execution Vulnerability | |||||
| CVE-2022-30175 | 1 Microsoft | 1 Azure Real Time Operating System Guix Studio | 2025-06-24 | N/A | 7.8 HIGH |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||
| CVE-2022-44794 | 1 Objectfirst | 1 Ootbi | 2025-06-24 | N/A | 8.8 HIGH |
| An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to the Bash interpreter. An attacker would need credentials to exploit this vulnerability. This is fixed in Object First Ootbi BETA build 1.0.13.1611. | |||||
| CVE-2024-47208 | 1 Apache | 1 Ofbiz | 2025-06-24 | N/A | 9.8 CRITICAL |
| Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | |||||
| CVE-2025-3642 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 8.8 HIGH |
| A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. | |||||
| CVE-2025-3641 | 1 Moodle | 1 Moodle | 2025-06-24 | N/A | 8.8 HIGH |
| A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. | |||||
| CVE-2025-6126 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /contact.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-6125 | 1 Phpgurukul | 1 Rail Pass Management System | 2025-06-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagedes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6127 | 1 Phpgurukul | 1 Nipah Virus Testing Management System | 2025-06-24 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search-report.php. The manipulation of the argument serachdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26182 | 1 Xxyopen | 1 Novel-plus | 2025-06-24 | N/A | 6.5 MEDIUM |
| An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file | |||||
| CVE-2025-29281 | 1 Perfree | 1 Perfreeblog | 2025-06-24 | N/A | 8.8 HIGH |
| In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them. | |||||
| CVE-2024-13209 | 1 Redaxo | 1 Redaxo | 2025-06-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-41712 | 1 Mitel | 1 Micollab | 2025-06-24 | N/A | 6.6 MEDIUM |
| A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | |||||
| CVE-2024-41714 | 1 Mitel | 2 Micollab, Mivoice Business Solution Virtual Instance | 2025-06-24 | N/A | 8.8 HIGH |
| A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. | |||||
| CVE-2024-50658 | 1 Ipublishmedia | 1 Adportal | 2025-06-24 | N/A | 9.8 CRITICAL |
| Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file | |||||
| CVE-2025-6268 | 2025-06-23 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-24287 | 2025-06-23 | N/A | 6.1 MEDIUM | ||
| A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions. | |||||