Total: 6195 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22968 | 1 Dlink | 2 Dwr-m972v, Dwr-m972v Firmware | 2025-05-21 | 9.8 Critical |
| An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions | ||||
| CVE-2025-1955 | 1 Code-projects | 1 Online Class And Exam Scheduling System | 2025-05-21 | 3.5 Low |
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-40497 | 1 Wazuh | 1 Wazuh | 2025-05-21 | 8.8 High |
| Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint. | ||||
| CVE-2022-40486 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2025-05-21 | 8.8 High |
| TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | ||||
| CVE-2024-44411 | 2 D-link, Dlink | 3 Di-8300, Di-8300, Di-8300 Firmware | 2025-05-21 | 9.8 Critical |
| D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | ||||
| CVE-2022-40274 | 2 Gridea, Linux | 2 Gridea, Linux Kernel | 2025-05-20 | 7.8 High |
| Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled. | ||||
| CVE-2024-2016 | 1 Zhicms | 1 Zhicms | 2025-05-19 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-38946 | 1 Divscorp | 1 Doctor-appointment | 2025-05-17 | 9.8 Critical |
| Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. | ||||
| CVE-2025-4547 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-05-16 | 2.4 Low |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | ||||
| CVE-2023-51784 | 1 Apache | 1 Inlong | 2025-05-16 | 9.8 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | ||||
| CVE-2025-26845 | 1 Znuny | 1 Znuny | 2025-05-16 | 9.8 Critical |
| An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script. | ||||
| CVE-2025-0787 | 1 Esafenet | 1 Cdg | 2025-05-16 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /appDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0785 | 1 Esafenet | 1 Cdg | 2025-05-16 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. This issue affects some unknown processing of the file /SysConfig.jsp. The manipulation of the argument help leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-42902 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2025-05-15 | 8.8 High |
| In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. | ||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-15 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-40871 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-05-15 | 9.8 Critical |
| Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. | ||||
| CVE-2022-40469 | 1 Ikuai8 | 1 Ikuaios | 2025-05-15 | 8.8 High |
| iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | ||||
| CVE-2024-46076 | 1 Ruoyi | 1 Ruoyi | 2025-05-15 | 9.8 Critical |
| RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. | ||||
| CVE-2025-2377 | 1 Janobe | 1 Vehicle Management System | 2025-05-14 | 3.5 Low |
| A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names. | ||||
| CVE-2025-4470 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-14 | 2.4 Low |
| A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||