Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13812 | 2025-04-26 | N/A | 6.5 MEDIUM | ||
| The The Anps Theme plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2025-3491 | 2025-04-26 | N/A | 7.2 HIGH | ||
| The Add custom page template plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'acpt_validate_setting' function. This is due to insufficient sanitization of the 'template_name' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | |||||
| CVE-2024-13808 | 2025-04-26 | N/A | 8.8 HIGH | ||
| The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only being client side controls when determining who can access the widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | |||||
| CVE-2025-2801 | 2025-04-26 | N/A | 7.3 HIGH | ||
| The The Create custom forms for WordPress with a smart form plugin for smart businesses plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2022-39833 | 1 Filecloud | 1 Filecloud | 2025-04-25 | N/A | 7.2 HIGH |
| FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request. | |||||
| CVE-2025-32432 | 2025-04-25 | N/A | 10.0 CRITICAL | ||
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. | |||||
| CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-25 | N/A | 9.8 CRITICAL |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | |||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2025-04-25 | N/A | 9.8 CRITICAL |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | |||||
| CVE-2024-22988 | 1 Zkteco | 1 Zkbio Wdms | 2025-04-25 | N/A | 9.8 CRITICAL |
| An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component. | |||||
| CVE-2024-50960 | 1 Extron | 8 Sme 211, Sme 211 Firmware, Smp 111 and 5 more | 2025-04-25 | N/A | 7.2 HIGH |
| A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system. | |||||
| CVE-2025-29039 | 1 Dlink | 2 Dir-823x, Dir-823x Firmware | 2025-04-25 | N/A | 7.2 HIGH |
| An issue in dlink DIR 832x 240802 allows a remote attacker to execute arbitrary code via the function 0x41dda8 | |||||
| CVE-2023-42875 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-04-25 | N/A | 7.3 HIGH |
| Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. | |||||
| CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | |||||
| CVE-2025-3642 | 2025-04-25 | N/A | 8.8 HIGH | ||
| A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled. | |||||
| CVE-2025-3641 | 2025-04-25 | N/A | 8.8 HIGH | ||
| A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled. | |||||
| CVE-2022-3713 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | N/A | 8.8 HIGH |
| A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-3696 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-24 | N/A | 7.2 HIGH |
| A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall releases older than version 19.5 GA. | |||||
| CVE-2022-43333 | 1 Teleniasoftware | 1 Tvox | 2025-04-24 | N/A | 9.8 CRITICAL |
| Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. | |||||
| CVE-2025-3821 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3822 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||