Total
4921 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35034 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-01-06 | 9.8 Critical |
| Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033. | ||||
| CVE-2019-16283 | 2 Hp, Microsoft | 2 Softpaq Installer, Windows | 2025-01-06 | 7.8 High |
| A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution. | ||||
| CVE-2024-13034 | 1 Code-projects | 1 Chat System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-10382 | 1 Google | 1 Android | 2025-01-06 | 7.5 High |
| There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02. | ||||
| CVE-2023-6604 | 2025-01-06 | 5.3 Medium | ||
| A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | ||||
| CVE-2023-6601 | 2025-01-06 | 4.7 Medium | ||
| A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | ||||
| CVE-2025-0220 | 2025-01-06 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11733 | 2025-01-06 | 7.3 High | ||
| The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-13075 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13076 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13077 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/add-property.php. The manipulation of the argument Land Subtype leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13081 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0219 | 2025-01-06 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-13143 | 2025-01-06 | 2.4 Low | ||
| A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-13082 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/search-property.php. The manipulation of the argument Search By leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13083 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument Admin Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-32546 | 1 Chatwork | 1 Chatwork | 2025-01-03 | 4.4 Medium |
| Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent. | ||||
| CVE-2023-30179 | 1 Craftcms | 1 Craft Cms | 2025-01-03 | 7.2 High |
| CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrators can add this Twig code, and (by design) Administrators are allowed to do that by default. | ||||
| CVE-2023-3224 | 1 Nuxt | 1 Nuxt | 2025-01-03 | 9.8 Critical |
| Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | ||||
| CVE-2024-28119 | 1 Getgrav | 1 Grav | 2025-01-02 | 8.8 High |
| Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue. | ||||