Total
6193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55085 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | 9.8 Critical |
| GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. | ||||
| CVE-2024-55505 | 1 Codeastro | 1 Complaint Management System | 2025-04-17 | 8.8 High |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | ||||
| CVE-2024-33871 | 2 Artifex, Redhat | 7 Ghostscript, Enterprise Linux, Rhel Aus and 4 more | 2025-04-16 | 8.8 High |
| An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. | ||||
| CVE-2024-34225 | 2 Computer Laboratory Management System, Oretnom23 | 2 Compuer Labatory Management System, Computer Laboratory Management System | 2025-04-16 | 6.1 Medium |
| Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | ||||
| CVE-2024-33443 | 1 Onethink | 1 Onethink | 2025-04-16 | 7.1 High |
| An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. | ||||
| CVE-2022-22985 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2025-04-16 | 8.8 High |
| The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. | ||||
| CVE-2022-24915 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2025-04-16 | 8 High |
| The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | ||||
| CVE-2022-1159 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2025-04-16 | 7.7 High |
| Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | ||||
| CVE-2020-25197 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2025-04-16 | 9.8 Critical |
| A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | ||||
| CVE-2021-27446 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2025-04-16 | 10 Critical |
| The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | ||||
| CVE-2022-22763 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2022-22756 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2025-0721 | 1 Needyamin | 1 Image Gallery Management System | 2025-04-16 | 4.3 Medium |
| A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-36078 | 1 Zammad | 1 Zammad | 2025-04-15 | 6.7 Medium |
| In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user). | ||||
| CVE-2022-46101 | 1 Ayacms Project | 1 Ayacms | 2025-04-15 | 8.8 High |
| AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. | ||||
| CVE-2025-3036 | 1 Yzk2356911358 | 1 Studentservlet-jsp | 2025-04-15 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2017-20064 | 1 Elefantcms | 1 Elefant Cms | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2022-46874 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-04-15 | 8.8 High |
| A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. | ||||
| CVE-2017-20086 | 1 Automattic | 1 Vaultpress | 2025-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely. | ||||
| CVE-2017-20095 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | ||||