Total
860 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41503 | 1 Code-projects | 1 Student Enrollment | 2025-05-05 | N/A | 9.8 CRITICAL |
| Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function. | |||||
| CVE-2022-31691 | 1 Vmware | 5 Bosh Editor, Cloudfoundry Manifest Yml Support, Concourse Ci Pipeline Editor and 2 more | 2025-05-02 | N/A | 9.8 CRITICAL |
| Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. | |||||
| CVE-2025-45947 | 1 Phpgurukul | 1 Online Banquet Booking System | 2025-04-30 | N/A | 9.8 CRITICAL |
| An issue in phpgurukul Online Banquet Booking System V1.2 allows an attacker to execute arbitrary code via the /obbs/change-password.php file of the My Account - Change Password component | |||||
| CVE-2024-39331 | 1 Gnu | 1 Emacs | 2025-04-30 | N/A | 9.8 CRITICAL |
| In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. | |||||
| CVE-2024-55662 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`. | |||||
| CVE-2024-55877 | 1 Xwiki | 1 Xwiki | 2025-04-30 | N/A | 9.9 CRITICAL |
| XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround. | |||||
| CVE-2022-45132 | 1 Linaro | 1 Lava | 2025-04-30 | N/A | 9.8 CRITICAL |
| In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server. | |||||
| CVE-2025-29064 | 1 Totolink | 2 X18, X18 Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
| An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi. | |||||
| CVE-2022-44262 | 1 Ff4j | 1 Ff4j | 2025-04-29 | N/A | 9.8 CRITICAL |
| ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). | |||||
| CVE-2025-32432 | 1 Craftcms | 1 Craft Cms | 2025-04-28 | N/A | 10.0 CRITICAL |
| Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code execution. This is a high-impact, low-complexity attack vector. This issue has been patched in versions 3.9.15, 4.14.15, and 5.6.17, and is an additional fix for CVE-2023-41892. | |||||
| CVE-2024-48579 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-28 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | |||||
| CVE-2024-47219 | 1 Vesoft | 1 Nebulagraph Database | 2025-04-28 | N/A | 9.8 CRITICAL |
| An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. | |||||
| CVE-2022-45908 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-25 | N/A | 9.8 CRITICAL |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. | |||||
| CVE-2022-45907 | 1 Linuxfoundation | 1 Pytorch | 2025-04-25 | N/A | 9.8 CRITICAL |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. | |||||
| CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2025-04-25 | N/A | 9.8 CRITICAL |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | |||||
| CVE-2022-43333 | 1 Teleniasoftware | 1 Tvox | 2025-04-24 | N/A | 9.8 CRITICAL |
| Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php. | |||||
| CVE-2023-49032 | 1 Ltb-project | 1 Self Service Password | 2025-04-24 | N/A | 9.8 CRITICAL |
| An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone. | |||||
| CVE-2023-36645 | 1 Itb-pim | 1 Tradepro | 2025-04-24 | N/A | 9.1 CRITICAL |
| SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function. | |||||
| CVE-2022-45550 | 1 Ayacms Project | 1 Ayacms | 2025-04-23 | N/A | 9.8 CRITICAL |
| AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). | |||||
| CVE-2023-37582 | 1 Apache | 1 Rocketmq | 2025-04-23 | N/A | 9.8 CRITICAL |
| The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks. | |||||