Search Results (6151 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2195 | 1 Mrcms | 1 Mrcms | 2025-04-09 | 3.5 Low |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22905 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | 9.8 Critical |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | ||||
| CVE-2025-22906 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | 9.8 Critical |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | ||||
| CVE-2024-54907 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-09 | 8.8 High |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. | ||||
| CVE-2025-22133 | 1 Wegia | 1 Wegia | 2025-04-09 | 10 Critical |
| WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8. | ||||
| CVE-2022-4847 | 1 Usememos | 1 Memos | 2025-04-09 | 6.5 Medium |
| Incorrectly Specified Destination in a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4848 | 1 Usememos | 1 Memos | 2025-04-09 | 5.7 Medium |
| Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2023-0048 | 1 Daloradius | 1 Daloradius | 2025-04-09 | 8.8 High |
| Code Injection in GitHub repository lirantal/daloradius prior to master-branch. | ||||
| CVE-2024-2497 | 1 Raspap | 1 Raspap | 2025-04-09 | 4.7 Medium |
| A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3397 | 1 Yzmcms | 1 Yzmcms | 2025-04-09 | 4.3 Medium |
| A vulnerability classified as problematic has been found in YzmCMS 7.1. Affected is an unknown function of the file message.tpl. The manipulation of the argument gourl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-35339 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-04-09 | 9.8 Critical |
| Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac. | ||||
| CVE-2025-25789 | 1 Foxcms | 1 Foxcms | 2025-04-09 | 9.8 Critical |
| FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php. | ||||
| CVE-2023-0022 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-04-09 | 9.9 Critical |
| SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-1337 | | | 2025-04-09 | 3.5 Low |
| A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. It has been classified as problematic. This affects an unknown part of the component BIC Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.5.27.0 is able to address this issue. | ||||
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2025-04-09 | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | ||||
| CVE-2006-4812 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Application Stack | 2025-04-09 | N/A |
| Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). | ||||
| CVE-2006-5021 | 1 Redblog | 1 Redblog | 2025-04-09 | 9.8 Critical |
| Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-7181 | 1 Morcego Cms | 1 Morcego Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker. | ||||
| CVE-2006-7237 | 1 Ixprim-cms | 1 Ixprim | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-0025 | 1 Microsoft | 2 Visual Studio .net, Windows 2003 Server | 2025-04-09 | N/A |
| The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. | ||||