Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10173 | 2 Oracle, X-stream | 10 Banking Platform, Business Activity Monitoring, Communications Billing And Revenue Management Elastic Charging Engine and 7 more | 2025-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285) | |||||
| CVE-2024-48744 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-03-31 | N/A | 6.1 MEDIUM |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter. | |||||
| CVE-2024-48279 | 1 Phpgurukul | 1 User Registration \& Login And User Management System | 2025-03-31 | N/A | 7.6 HIGH |
| A HTML Injection vulnerability was found in /search-result.php of PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to execute arbitrary HTML code via the searchkey parameter in a POST HTTP request. | |||||
| CVE-2025-2787 | 2025-03-31 | N/A | N/A | ||
| KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above * | |||||
| CVE-2024-34461 | 2025-03-29 | N/A | 9.8 CRITICAL | ||
| Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator. | |||||
| CVE-2024-29477 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-03-28 | N/A | 8.8 HIGH |
| Lack of sanitization during Installation Process in Dolibarr ERP CRM up to version 19.0.0 allows an attacker with adjacent access to the network to execute arbitrary code via a specifically crafted input. | |||||
| CVE-2025-1159 | 1 Campcodes | 1 School Management Software | 2025-03-28 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2878 | 2025-03-28 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was found in Kentico CMS up to 13.0.178. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /CMSInstall/install.aspx of the component Additional Database Installation Wizard. The manipulation of the argument new database leads to cross site scripting. The attack can be launched remotely. Upgrading to version 13.0.179 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2024-57707 | 1 Dataease | 1 Dataease | 2025-03-28 | N/A | 9.8 CRITICAL |
| An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components. | |||||
| CVE-2024-42599 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 8.8 HIGH |
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | |||||
| CVE-2024-46640 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
| SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. | |||||
| CVE-2024-50808 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 8.8 HIGH |
| SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php. | |||||
| CVE-2024-12983 | 1 Fabianros | 1 Hospital Management System | 2025-03-28 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-42598 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 6.7 MEDIUM |
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | |||||
| CVE-2024-30565 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 8.8 HIGH |
| An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php. | |||||
| CVE-2022-48116 | 1 Ayacms Project | 1 Ayacms | 2025-03-28 | N/A | 7.2 HIGH |
| AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | |||||
| CVE-2024-27622 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-03-28 | N/A | 7.2 HIGH |
| A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code. | |||||
| CVE-2024-31666 | 1 Flusity | 1 Flusity | 2025-03-28 | N/A | 9.8 CRITICAL |
| An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. | |||||
| CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2025-03-28 | N/A | 9.8 CRITICAL |
| Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | |||||
| CVE-2025-2361 | 2025-03-27 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||