Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6151 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3491 | 2025-04-29 | 7.2 High | ||
| The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 'template_name' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | ||||
| CVE-2025-2801 | 2025-04-29 | 7.3 High | ||
| The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2021-3661 | 1 Hp | 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more | 2025-04-29 | 8.4 High |
| A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability. | ||||
| CVE-2024-48579 | 2 Mayurik, Php | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-28 | 9.8 Critical |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | ||||
| CVE-2024-47219 | 1 Vesoft | 2 Nebulagraph Database, Nebulagraph Studio | 2025-04-28 | 9.8 Critical |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. | ||||
| CVE-2024-46080 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | 8 High |
| Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. | ||||
| CVE-2024-40487 | 2 Kashipara, Lopalopa | 2 Live Membership System, Live Membership System | 2025-04-28 | 7.6 High |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. | ||||
| CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2025-04-25 | 7.2 High |
| FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | ||||
| CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-25 | 9.8 Critical |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | ||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2025-04-25 | 9.8 Critical |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | ||||
| CVE-2024-50960 | 1 Extron | 8 Sme 211, Sme 211 Firmware, Smp 111 and 5 more | 2025-04-25 | 7.2 High |
| A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system. | ||||
| CVE-2025-29039 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | 7.2 High |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | ||||
| CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2025-04-25 | 9.8 Critical |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | ||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | 8.8 High |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | 7.2 High |
| A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | ||||
| CVE-2022-43333 | 1 Teleniasoftware | 1 Tvox | 2025-04-24 | 9.8 Critical |
| Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. | ||||
| CVE-2022-32224 | 2 Activerecord Project, Redhat | 2 Activerecord, Satellite | 2025-04-24 | 9.8 Critical |
| A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to escalate to an RCE. | ||||
| CVE-2024-24091 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2025-04-24 | 9.8 Critical |
| Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | ||||
| CVE-2025-3821 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 2.4 Low |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-42374 | 1 Mystenlabs | 2 Sui, Sui Blockchain | 2025-04-24 | 9.8 Critical |
| An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | ||||