Total
6195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50379 | 1 Apache | 1 Ambari | 2025-05-05 | 8.8 High |
| Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host. | ||||
| CVE-2022-3869 | 1 Froxlor | 1 Froxlor | 2025-05-05 | 6.1 Medium |
| Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2. | ||||
| CVE-2020-20124 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 8.8 High |
| Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | ||||
| CVE-2024-28424 | 1 Zenml | 1 Zenml | 2025-05-05 | 8.8 High |
| zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2021-33061 | 1 Intel | 6 82599eb, 82599eb Firmware, 82599en and 3 more | 2025-05-05 | 5.5 Medium |
| Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2021-21480 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2025-05-05 | 8.8 High |
| SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating systems commands completely compromising the server hosting the application. | ||||
| CVE-2023-41503 | 2 Code-projects, Php | 2 Student Enrollment, Student Enrollment | 2025-05-05 | 9.8 Critical |
| Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. | ||||
| CVE-2024-21378 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-05-03 | 8.8 High |
| Microsoft Outlook Remote Code Execution Vulnerability | ||||
| CVE-2024-29991 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 5 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2022-3721 | 1 Froxlor | 1 Froxlor | 2025-05-02 | 4.6 Medium |
| Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39. | ||||
| CVE-2022-31691 | 1 Vmware | 5 Bosh Editor, Cloudfoundry Manifest Yml Support, Concourse Ci Pipeline Editor and 2 more | 2025-05-02 | 9.8 Critical |
| Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. | ||||
| CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2025-05-02 | 5.5 Medium |
| SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. | ||||
| CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-02 | 8.8 High |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | ||||
| CVE-2022-3418 | 1 Soflyy | 1 Wp All Import | 2025-05-01 | 7.2 High |
| The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files | ||||
| CVE-2022-43572 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-01 | 7.5 High |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | ||||
| CVE-2024-43425 | 1 Moodle | 1 Moodle | 2025-05-01 | 8.1 High |
| A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions. | ||||
| CVE-2024-28593 | 1 Moodle | 1 Moodle | 2025-05-01 | 5.4 Medium |
| The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle." | ||||
| CVE-2024-24520 | 1 Lepton-cms | 1 Leptoncms | 2025-05-01 | 7.8 High |
| An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. | ||||
| CVE-2024-30202 | 1 Gnu | 2 Emacs, Org Mode | 2025-05-01 | 7.8 High |
| In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | ||||
| CVE-2022-44089 | 1 Ecisp | 1 Espcms | 2025-05-01 | 9.8 Critical |
| ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE. | ||||