Total
4660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-33871 | 1 Artifex | 1 Ghostscript | 2025-04-16 | N/A | 8.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. | |||||
| CVE-2024-34225 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | |||||
| CVE-2024-33443 | 1 Onethink | 1 Onethink | 2025-04-16 | N/A | 7.1 HIGH |
| An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. | |||||
| CVE-2022-22756 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 8.8 HIGH |
| If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2025-3688 | 2025-04-16 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26996 | 2025-04-16 | N/A | 6.5 MEDIUM | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1. | |||||
| CVE-2025-0721 | 1 Needyamin | 1 Image Gallery Management System | 2025-04-16 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-27678 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001. | |||||
| CVE-2025-27657 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. | |||||
| CVE-2025-3114 | 2025-04-15 | N/A | N/A | ||
| Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. | |||||
| CVE-2025-3613 | 2025-04-15 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability has been found in Demtec Graphytics 5.0.7 and classified as problematic. This vulnerability affects unknown code of the file /visualization. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3592 | 2025-04-15 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3579 | 2025-04-15 | N/A | N/A | ||
| In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api/<string-chat>/message endpoint, manipulating the content of the ‘content’ parameter. | |||||
| CVE-2025-3560 | 2025-04-15 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3554 | 2025-04-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3612 | 2025-04-15 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3591 | 2025-04-15 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-30923 | 1 Derbynet | 1 Derbynet | 2025-04-15 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering | |||||
| CVE-2024-36078 | 1 Zammad | 1 Zammad | 2025-04-15 | N/A | 6.7 MEDIUM |
| In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user). | |||||
| CVE-2022-46101 | 1 Ayacms Project | 1 Ayacms | 2025-04-15 | N/A | 8.8 HIGH |
| AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. | |||||