Total
5610 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36789 | 1 Microsoft | 1 Skype For Business Server | 2025-04-14 | 7.2 High |
| Skype for Business Remote Code Execution Vulnerability | ||||
| CVE-2022-4223 | 2 Fedoraproject, Pgadmin | 2 Fedora, Pgadmin 4 | 2025-04-14 | 8.8 High |
| The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server. | ||||
| CVE-2024-13345 | 1 Theme-fusion | 1 Avada Builder | 2025-04-14 | 7.3 High |
| The Avada Builder plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-27429 | 2025-04-14 | 9.9 Critical | ||
| SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | ||||
| CVE-2025-26970 | 1 Arktheme | 1 The Ark | 2025-04-14 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core ark-core allows Code Injection.This issue affects Ark Theme Core: from n/a before 1.71.0. | ||||
| CVE-2013-6469 | 1 Redhat | 2 Jboss Fuse Service Works, Jboss Overlord Run Time Governance | 2025-04-12 | N/A |
| JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-6468 | 1 Redhat | 5 Jboss Bpm Suite, Jboss Bpms, Jboss Brms and 2 more | 2025-04-12 | N/A |
| JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression. | ||||
| CVE-2013-5352 | 1 Sharetronix | 1 Sharetronix | 2025-04-12 | N/A |
| Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier. | ||||
| CVE-2015-4726 | 1 Audiosharescript | 1 Audioshare | 2025-04-12 | N/A |
| PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. | ||||
| CVE-2016-9949 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-04-12 | N/A |
| An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | ||||
| CVE-2013-1756 | 2 Mark Evans, Ruby On Rails | 2 Dragonfly Gem, Ruby On Rails | 2025-04-12 | N/A |
| The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2013-1412 | 1 Dleviet | 1 Datalife Engine | 2025-04-12 | N/A |
| DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | ||||
| CVE-2013-1397 | 1 Sensiolabs | 1 Symfony | 2025-04-12 | N/A |
| Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348. | ||||
| CVE-2014-6333 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | N/A |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability." | ||||
| CVE-2014-2639 | 1 Hp | 1 Mpio Device Specific Module Manager | 2025-04-12 | N/A |
| Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | ||||
| CVE-2013-6309 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | N/A |
| IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection. | ||||
| CVE-2014-3560 | 3 Canonical, Redhat, Samba | 3 Ubuntu Linux, Enterprise Linux, Samba | 2025-04-12 | N/A |
| NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. | ||||
| CVE-2015-4338 | 1 Xcloner | 1 Xcloner | 2025-04-12 | N/A |
| Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php. | ||||
| CVE-2013-0210 | 1 Theforeman | 1 Foreman | 2025-04-12 | N/A |
| The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. | ||||
| CVE-2012-6141 | 1 Stephen Adkins | 1 App\ | 2025-04-12 | N/A |
| The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized. | ||||