Total: 88219 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22488 | 1 Ibm | 6 Power System Ac922 (8335-gtg), Power System Ac922 (8335-gtg) Firmware, Power System Ac922 (8335-gth) and 3 more | 2025-04-28 | N/A | 4.9 MEDIUM |
IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a denial of service by uploading or deleting too many CA certificates in a short period of time. IBM X-Force ID: 2226337. | |||||
CVE-2025-29018 | 1 Codeastro | 1 Internet Banking System | 2025-04-28 | N/A | 4.8 MEDIUM |
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0. | |||||
CVE-2022-42095 | 1 Backdropcms | 1 Backdrop Cms | 2025-04-28 | N/A | 4.8 MEDIUM |
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. | |||||
CVE-2024-45870 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | N/A | 6.5 MEDIUM |
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. | |||||
CVE-2024-45871 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | N/A | 6.3 MEDIUM |
Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8, resulting in denial of service (DoS). | |||||
CVE-2024-45872 | 1 Bandisoft | 1 Bandiview | 2025-04-28 | N/A | 6.3 MEDIUM |
Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. | |||||
CVE-2024-46077 | 1 Mayurik | 1 Online Tours And Travels Management System | 2025-04-28 | N/A | 5.4 MEDIUM |
itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. | |||||
CVE-2024-46654 | 1 Maccms | 1 Maccms | 2025-04-28 | N/A | 4.8 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2024-33867 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 4.8 MEDIUM |
An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. | |||||
CVE-2024-33866 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 5.5 MEDIUM |
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID} XSS. | |||||
CVE-2024-33864 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2025-04-28 | N/A | 5.9 MEDIUM |
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript. | |||||
CVE-2024-9036 | 1 Angeljudesuarez | 1 Online Book Store Project | 2025-04-28 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-46082 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. | |||||
CVE-2024-46083 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger actions for administrator users. | |||||
CVE-2024-46079 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 6.1 MEDIUM |
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. | |||||
CVE-2024-46081 | 1 Scriptcase | 1 Scriptcase | 2025-04-28 | N/A | 5.4 MEDIUM |
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform. | |||||
CVE-2024-55514 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2025-04-28 | N/A | 6.3 MEDIUM |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | |||||
CVE-2024-29507 | 1 Artifex | 1 Ghostscript | 2025-04-28 | N/A | 5.4 MEDIUM |
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. | |||||
CVE-2024-29510 | 1 Artifex | 1 Ghostscript | 2025-04-28 | N/A | 6.3 MEDIUM |
Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. | |||||
CVE-2024-39843 | 1 Centreon | 1 Centreon | 2025-04-28 | N/A | 6.7 MEDIUM |
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. |