Total
4660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | |||||
| CVE-2024-12238 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-18 | N/A | 6.3 MEDIUM |
| The The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2025-29662 | 2025-04-18 | N/A | 9.8 CRITICAL | ||
| A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. | |||||
| CVE-2024-40673 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.5 MEDIUM |
| In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-48236 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file | |||||
| CVE-2024-48235 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. | |||||
| CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of the cstecgi .cgi. | |||||
| CVE-2024-53303 | 2025-04-17 | N/A | 8.8 HIGH | ||
| A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2025-1532 | 2025-04-17 | N/A | 8.1 HIGH | ||
| Phoneservice module is affected by code injection vulnerability, successful exploitation of this vulnerability may affect service confidentiality and integrity. | |||||
| CVE-2025-32596 | 2025-04-17 | N/A | 7.3 HIGH | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3. | |||||
| CVE-2025-32583 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through 2.4.0. | |||||
| CVE-2021-22646 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 8.8 HIGH |
| The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | |||||
| CVE-2022-43486 | 1 Buffalo | 26 Wcr-1166ds, Wcr-1166ds Firmware, Wex-1800ax4 and 23 more | 2025-04-17 | N/A | 6.8 MEDIUM |
| Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. | |||||
| CVE-2024-54804 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-54805 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution. | |||||
| CVE-2024-54806 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. | |||||
| CVE-2024-54807 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. | |||||
| CVE-2024-11613 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-17 | N/A | 9.8 CRITICAL |
| The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. | |||||
| CVE-2024-55085 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | N/A | 9.8 CRITICAL |
| GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. | |||||
| CVE-2024-55505 | 1 Codeastro | 1 Complaint Management System | 2025-04-17 | N/A | 8.8 HIGH |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | |||||