Total
6191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2074 | 1 Successkid | 1 Harris Wap Chat | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/. | ||||
| CVE-2008-6206 | 1 Robotstats | 1 Robotstats | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) graph.php and (2) robotstats.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6223 | 1 Wotw | 1 Way Of The Warrior | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php. | ||||
| CVE-2025-26818 | 1 Netwrix | 1 Password Secure | 2025-04-08 | 9.8 Critical |
| Netwrix Password Secure through 9.2 allows command injection. | ||||
| CVE-2025-3326 | 1 Iteaj | 1 Iboot | 2025-04-08 | 3.5 Low |
| A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3327 | 1 Iteaj | 1 Iboot | 2025-04-08 | 3.5 Low |
| A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3297 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-08 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-27705 | 1 Leantime | 1 Leantime | 2025-04-08 | 7.6 High |
| Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint. | ||||
| CVE-2024-27476 | 1 Leantime | 1 Leantime | 2025-04-08 | 4.7 Medium |
| Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket. | ||||
| CVE-2024-22722 | 1 Formtools | 1 Form Tools | 2025-04-08 | 7.2 High |
| Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. | ||||
| CVE-2022-42268 | 1 Nvidia | 6 Nvidia Isaac Sim, Omniverse Audio2face, Omniverse Code and 3 more | 2025-04-08 | 7.8 High |
| Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service. | ||||
| CVE-2023-22853 | 1 Tiki | 1 Tiki | 2025-04-07 | 8.8 High |
| Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. | ||||
| CVE-2023-0297 | 1 Pyload | 1 Pyload | 2025-04-07 | 9.8 Critical |
| Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | ||||
| CVE-2022-46648 | 3 Debian, Redhat, Ruby-git Project | 3 Debian Linux, Satellite, Ruby-git | 2025-04-04 | 8 High |
| ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318. | ||||
| CVE-2022-45928 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | 8.8 High |
| A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands. | ||||
| CVE-2025-1548 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 3.5 Low |
| A vulnerability was found in iteachyou Dreamer CMS 4.1.3. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/archives/edit. The manipulation of the argument editorValue/answer/content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-30568 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 9.8 Critical |
| Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. | ||||
| CVE-2022-47318 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Satellite and 1 more | 2025-04-04 | 8.8 High |
| ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648. | ||||
| CVE-2021-37774 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-04-04 | 8 High |
| An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. | ||||
| CVE-2024-30858 | 2 Netentsec, Ns Asg | 3 Ns-asg, Ns-asg Firmware, Ns Asg | 2025-04-04 | 9.8 Critical |
| netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | ||||