Total
4525 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8020 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | 6.0 MEDIUM | 8.0 HIGH |
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | |||||
CVE-2016-2242 | 1 Exponentcms | 1 Exponent Cms | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | |||||
CVE-2017-15935 | 1 Artica | 1 Pandora Fms | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. | |||||
CVE-2017-11675 | 1 Zen-cart | 1 Zen Cart | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | |||||
CVE-2015-3640 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | |||||
CVE-2017-9841 | 2 Oracle, Phpunit Project | 2 Communications Diameter Signaling Router, Phpunit | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | |||||
CVE-2024-31022 | 1 Candy | 1 Candycms | 2025-04-18 | N/A | 9.8 CRITICAL |
An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component. | |||||
CVE-2024-12238 | 1 Ninjaforms | 1 Ninja Forms | 2025-04-18 | N/A | 6.3 MEDIUM |
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
CVE-2025-29662 | | | 2025-04-18 | N/A | 9.8 CRITICAL |
A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. | |||||
CVE-2024-40673 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.5 MEDIUM |
In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2024-48236 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file. | |||||
CVE-2024-48235 | 1 Ofcms Project | 1 Ofcms | 2025-04-18 | N/A | 6.5 MEDIUM |
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. | |||||
CVE-2023-51018 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2025-04-17 | N/A | 9.8 CRITICAL |
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘opmode’ parameter of the setWiFiApConfig interface of cstecgi.cgi. | |||||
CVE-2024-53303 | | | 2025-04-17 | N/A | 8.8 HIGH |
A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request. | |||||
CVE-2025-3692 | | | 2025-04-17 | 3.3 LOW | 2.4 LOW |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-1532 | | | 2025-04-17 | N/A | 8.1 HIGH |
The Phoneservice module is affected by a code injection vulnerability. Successful exploitation of this vulnerability may affect service confidentiality and integrity. | |||||
CVE-2025-32583 | | | 2025-04-17 | N/A | 9.9 CRITICAL |
Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through 2.4.0. | |||||
CVE-2025-32596 | | | 2025-04-17 | N/A | 7.3 HIGH |
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3. | |||||
CVE-2025-26014 | | | 2025-04-17 | N/A | 9.8 CRITICAL |
A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter. | |||||
CVE-2021-22646 | 1 Ovarro | 15 Tbox Lt2-530, Tbox Lt2-530 Firmware, Tbox Lt2-532 and 12 more | 2025-04-17 | N/A | 8.8 HIGH |
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. |