Total: 4630 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26483 | 1 Getkirby | 1 Kirby | 2025-04-22 | 8.8 High |
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file. | ||||
CVE-2022-37155 | 1 Spip | 1 Spip | 2025-04-22 | 8.8 High |
RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | ||||
CVE-2022-41945 | 1 Super-xray Project | 1 Super-xray | 2025-04-22 | 6.5 Medium |
super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. | ||||
CVE-2024-25202 | 1 Phpgurukul | 2 User Registration & Login And User Management System, User Registration And Login And User Management System | 2025-04-22 | 6.1 Medium |
Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. | ||||
CVE-2024-25350 | 1 Phpgurukul | 1 Zoo Management System | 2025-04-22 | 9.8 Critical |
SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. | ||||
CVE-2022-46161 | 1 Pdfmake Project | 1 Pdfmake | 2025-04-22 | 10 Critical |
pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input. | ||||
CVE-2022-46157 | 1 Akeneo | 1 Product Information Management | 2025-04-22 | 8.8 High |
Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allow remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the aforementioned versions provides a patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may replace any reference to `<FilesMatch \.php$>` in their Apache httpd configurations with: `<Location "/index.php">`. | ||||
CVE-2024-25291 | 1 Deskfiler | 1 Deskfiler | 2025-04-22 | 9.8 Critical |
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. | ||||
CVE-2023-51801 | 2 Oretnom23, Simple Atudent Attendance System | 2 Simple Student Attendance System, Simple Atudent Attendance System | 2025-04-22 | 9.8 Critical |
SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | ||||
CVE-2024-36694 | 1 Opencart | 1 Opencart | 2025-04-22 | 7.2 High |
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | ||||
CVE-2024-56518 | | | 2025-04-22 | 9.8 Critical |
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | ||||
CVE-2024-53924 | | | 2025-04-22 | 9.8 Critical |
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | ||||
CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | ||||
CVE-2024-43771 | 1 Google | 1 Android | 2025-04-22 | 8.8 High |
In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-43770 | 1 Google | 1 Android | 2025-04-22 | 8.8 High |
In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-49747 | 1 Google | 1 Android | 2025-04-22 | 9.8 Critical |
In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2022-41264 | 1 Sap | 1 Basis | 2025-04-22 | 8.8 High |
Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. | ||||
CVE-2023-51317 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-22 | 6.5 Medium |
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
CVE-2024-44724 | 2 Autocms, Autocms Project | 2 Autocms, Autocms | 2025-04-22 | 7.2 High |
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value. | ||||
CVE-2023-51320 | 1 Phpjabbers | 1 Night Club Booking Software | 2025-04-22 | 5.3 Medium |
PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection, which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct the CSV file. |