Total
291386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39377 | 2025-04-24 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Appsero Helper allows SQL Injection. This issue affects Appsero Helper: from n/a through 1.3.4. | |||||
| CVE-2025-39360 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag allows PHP Local File Inclusion. This issue affects Grace Mag: from n/a through 1.1.5. | |||||
| CVE-2025-39359 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Work Web CWW Portfolio allows PHP Local File Inclusion. This issue affects CWW Portfolio: from n/a through 1.3.1. | |||||
| CVE-2025-32921 | 2025-04-24 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5. | |||||
| CVE-2025-29568 | 2025-04-24 | N/A | 4.8 MEDIUM | ||
| A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | |||||
| CVE-2025-28028 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | |||||
| CVE-2025-28025 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | |||||
| CVE-2025-28022 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | |||||
| CVE-2025-28021 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters | |||||
| CVE-2025-28020 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter. | |||||
| CVE-2025-28019 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in the downloadFile.cgi component | |||||
| CVE-2025-28018 | 2025-04-24 | N/A | 7.3 HIGH | ||
| TOTOLINK A800R V4.1.2cu.5137_B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v14 parameter. | |||||
| CVE-2025-28017 | 2025-04-24 | N/A | 6.5 MEDIUM | ||
| TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command Injection in downloadFile.cgi via the QUERY_STRING parameter. | |||||
| CVE-2024-30148 | 2025-04-24 | N/A | 4.1 MEDIUM | ||
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | |||||
| CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2025-04-24 | N/A | 6.1 MEDIUM |
| An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | |||||
| CVE-2024-24026 | 1 Xxyopen | 1 Novel-plus | 2025-04-24 | N/A | 9.8 CRITICAL |
| An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | |||||
| CVE-2023-6294 | 1 Sygnoos | 1 Popup Builder | 2025-04-24 | N/A | 7.2 HIGH |
| The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. | |||||
| CVE-2023-50386 | 1 Apache | 1 Solr | 2025-04-24 | N/A | 8.8 HIGH |
| Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader. | |||||
| CVE-2023-32835 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-04-24 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | |||||
| CVE-2022-46411 | 1 Veritas | 2 Access Appliance, Netbackup Flex Scale Appliance | 2025-04-24 | N/A | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. | |||||