Total
4516 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43946 | 2025-04-23 | N/A | 9.8 CRITICAL | ||
| TCPWave DDI 11.34P1C2 allows Remote Code Execution via Unrestricted File Upload (combined with Path Traversal). | |||||
| CVE-2023-43958 | 2025-04-23 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | |||||
| CVE-2022-43660 | 1 Sixapart | 1 Movable Type | 2025-04-23 | N/A | 7.2 HIGH |
| Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | |||||
| CVE-2025-0618 | 2025-04-23 | N/A | 6.5 MEDIUM | ||
| A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX. | |||||
| CVE-2025-3842 | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3472 | 2025-04-23 | N/A | 6.5 MEDIUM | ||
| The Ocean Extra plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.4.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes when WooCommerce is also installed and activated. | |||||
| CVE-2025-23251 | 2025-04-23 | N/A | 7.6 HIGH | ||
| NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
| CVE-2023-51313 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-23 | N/A | 8.8 HIGH |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | |||||
| CVE-2024-54803 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-22 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-50960 | 1 Extron | 8 Smp 111, Smp 111 Firmware, Smp 211 and 5 more | 2025-04-22 | N/A | 7.2 HIGH |
| A command injection vulnerability in the Nmap diagnostic tool in the admin web console of Extron SMP 111 <=3.01, SMP 351 <=2.16, SMP 352 <= 2.16, and SME 211 <= 3.02, allows a remote authenticated attacker to execute arbitrary commands as root on the underlying operating system. | |||||
| CVE-2025-3115 | 1 Tibco | 6 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Deployment Kit and 3 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | |||||
| CVE-2022-37155 | 1 Spip | 1 Spip | 2025-04-22 | N/A | 8.8 HIGH |
| RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | |||||
| CVE-2024-36694 | 1 Opencart | 1 Opencart | 2025-04-22 | N/A | 7.2 HIGH |
| OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | |||||
| CVE-2024-56518 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
| Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | |||||
| CVE-2024-53924 | 2025-04-22 | N/A | 9.8 CRITICAL | ||
| Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | |||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | 10.0 HIGH | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | |||||
| CVE-2024-43771 | 1 Google | 1 Android | 2025-04-22 | N/A | 8.8 HIGH |
| In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-43770 | 1 Google | 1 Android | 2025-04-22 | N/A | 8.8 HIGH |
| In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49747 | 1 Google | 1 Android | 2025-04-22 | N/A | 9.8 CRITICAL |
| In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-51317 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-22 | N/A | 6.5 MEDIUM |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | |||||