Total: 5367 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22204 | 3 Debian, Exiftool Project, Fedoraproject | 3 Debian Linux, Exiftool, Fedora | 2025-11-03 | 6.8 MEDIUM | 6.8 MEDIUM |
| Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image. | |||||
| CVE-2023-22952 | 1 Sugarcrm | 1 Sugarcrm | 2025-11-03 | N/A | 8.8 HIGH |
| In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | |||||
| CVE-2020-13756 | 1 Sabberworm | 1 Php Css Parser | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. | |||||
| CVE-2023-25717 | 2 Commscope, Ruckuswireless | 61 Ruckus Smartzone Firmware, E510, H320 and 58 more | 2025-11-03 | N/A | 9.8 CRITICAL |
| Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | |||||
| CVE-2022-41223 | 1 Mitel | 1 Mivoice Connect | 2025-11-03 | N/A | 6.8 MEDIUM |
| The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. | |||||
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-11-03 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow vulnerability in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room. | |||||
| CVE-2021-22900 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could allow an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2025-12280 | 1 Fabian | 1 Client Details System | 2025-11-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12281 | 1 Fabian | 1 Client Details System | 2025-11-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-12282 | 1 Fabian | 1 Client Details System | 2025-11-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12303 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-11-03 | 3.3 LOW | 2.4 LOW |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12302 | 1 Fabian | 1 Simple Food Ordering System | 2025-11-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-12300 | 1 Fabian | 1 Simple Food Ordering System | 2025-11-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-12299 | 1 Fabian | 1 Simple Food Ordering System | 2025-11-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12298 | 1 Fabian | 1 Simple Food Ordering System | 2025-11-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2018-14667 | 1 Redhat | 2 Enterprise Linux, Richfaces | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | |||||
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-10-31 | N/A | 9.8 CRITICAL |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | |||||
| CVE-2025-12334 | 1 Fabian | 1 E-commerce Website | 2025-10-31 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12332 | 1 Remyandrade | 1 Student Grades Management System | 2025-10-31 | 3.3 LOW | 2.4 LOW |
| A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed remotely. The exploit has been published and may be used. | |||||
