Total
5229 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-42947 | 2025-07-25 | N/A | 5.5 MEDIUM | ||
| SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application. | |||||
| CVE-2016-15044 | 2025-07-25 | N/A | N/A | ||
| A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process. | |||||
| CVE-2025-8155 | 2025-07-25 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-37105 | 1 Hpe | 1 Autopass License Server | 2025-07-25 | N/A | 7.5 HIGH |
| An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18. | |||||
| CVE-2025-53867 | 2025-07-24 | N/A | 9.8 CRITICAL | ||
| Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. | |||||
| CVE-2024-21760 | 1 Fortinet | 1 Fortisoar | 2025-07-24 | N/A | 8.4 HIGH |
| An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet. | |||||
| CVE-2025-47988 | 1 Microsoft | 1 Azure Monitor Agent | 2025-07-23 | N/A | 7.5 HIGH |
| Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | |||||
| CVE-2025-7840 | 1 Campcodes | 1 Online Movie Theater Seat Reservation System | 2025-07-23 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=reserve of the component Reserve Your Seat Page. The manipulation of the argument Firstname/Lastname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-32925 | 1 Google | 1 Android | 2025-07-22 | N/A | 8.8 HIGH |
| In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-7803 | 2025-07-22 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-2699 | 1 Getme | 1 Contenttools | 2025-07-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0664 | 2025-07-22 | N/A | N/A | ||
| A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges. | |||||
| CVE-2025-7865 | 2025-07-22 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-7800 | 2025-07-22 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-6131 | 1 Codeastro | 1 Food Ordering System | 2025-07-18 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-34124 | 2025-07-17 | N/A | N/A | ||
| A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game. | |||||
| CVE-2025-34123 | 2025-07-17 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data in the XML 'Name' attribute, leading to an SEH overwrite condition. An attacker can exploit this vulnerability by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user. | |||||
| CVE-2025-7748 | 2025-07-17 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-34127 | 2025-07-17 | N/A | N/A | ||
| A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution. | |||||
| CVE-2025-34128 | 2025-07-17 | N/A | N/A | ||
| A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this vulnerability by supplying crafted input to cause memory corruption and execute arbitrary code within the context of the current process. | |||||