Total
4403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3994 | 2025-04-29 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4022 | 2025-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13812 | 2025-04-29 | N/A | 6.5 MEDIUM | ||
| The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2024-32499 | 2025-04-29 | N/A | 4.9 MEDIUM | ||
| Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed. | |||||
| CVE-2025-3995 | 2025-04-29 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-3661 | 1 Hp | 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more | 2025-04-29 | N/A | 8.4 HIGH |
| A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | |||||
| CVE-2025-32432 | 1 Craftcms | 1 Craft Cms | 2025-04-28 | N/A | 10.0 CRITICAL |
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. | |||||
| CVE-2024-48579 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-28 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | |||||
| CVE-2024-47219 | 1 Vesoft | 1 Nebulagraph Database | 2025-04-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. | |||||
| CVE-2024-46080 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 8.0 HIGH |
| Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | |||||
| CVE-2024-40487 | 1 Lopalopa | 1 Live Membership System | 2025-04-28 | N/A | 7.6 HIGH |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. | |||||
| CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2025-04-25 | N/A | 7.2 HIGH |
| FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | |||||
| CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-25 | N/A | 9.8 CRITICAL |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | |||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2025-04-25 | N/A | 9.8 CRITICAL |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | |||||
| CVE-2024-22988 | 1 Zkteco | 1 Zkbio Wdms | 2025-04-25 | N/A | 9.8 CRITICAL |
| An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. | |||||
| CVE-2024-50960 | 1 Extron | 8 Sme 211, Sme 211 Firmware, Smp 111 and 5 more | 2025-04-25 | N/A | 7.2 HIGH |
| A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system. | |||||
| CVE-2025-29039 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | N/A | 7.2 HIGH |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | |||||
| CVE-2023-42875 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-04-25 | N/A | 7.3 HIGH |
| Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. | |||||
| CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | |||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | N/A | 8.8 HIGH |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | |||||