Total
6195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3386 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 2.4 Low |
| A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3385 | 1 Pb-cms Project | 1 Pb-cms | 2025-04-29 | 2.4 Low |
| A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 2.4 Low |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-28766 | 1 Zoom | 2 Meetings, Rooms | 2025-04-29 | 3.3 Low |
| Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. | ||||
| CVE-2022-4116 | 2 Quarkus, Redhat | 3 Quarkus, Build Of Quarkus, Quarkus | 2025-04-29 | 9.8 Critical |
| A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. | ||||
| CVE-2025-29064 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-29 | 9.8 Critical |
| An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | ||||
| CVE-2022-44262 | 1 Ff4j | 1 Ff4j | 2025-04-29 | 9.8 Critical |
| ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | ||||
| CVE-2022-41158 | 2 Eyoom, Linux | 2 Eyoom Builder, Linux Kernel | 2025-04-29 | 7.2 High |
| Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. | ||||
| CVE-2021-3661 | 1 Hp | 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more | 2025-04-29 | 8.4 High |
| A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | ||||
| CVE-2024-48579 | 2 Mayurik, Php | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-28 | 9.8 Critical |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | ||||
| CVE-2024-47219 | 1 Vesoft | 2 Nebulagraph Database, Nebulagraph Studio | 2025-04-28 | 9.8 Critical |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. | ||||
| CVE-2024-46080 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | 8 High |
| Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | ||||
| CVE-2024-40487 | 2 Kashipara, Lopalopa | 2 Live Membership System, Live Membership System | 2025-04-28 | 7.6 High |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. | ||||
| CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2025-04-25 | 7.2 High |
| FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | ||||
| CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-25 | 9.8 Critical |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | ||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2025-04-25 | 9.8 Critical |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | ||||
| CVE-2024-50960 | 1 Extron | 8 Sme 211, Sme 211 Firmware, Smp 111 and 5 more | 2025-04-25 | 7.2 High |
| A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system. | ||||
| CVE-2025-29039 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | 7.2 High |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | ||||
| CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2025-04-25 | 9.8 Critical |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | ||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | 8.8 High |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | ||||