Total
4542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4745 | 2025-05-16 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4469 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-16 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-42902 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2025-05-15 | N/A | 8.8 HIGH |
| In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. | |||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-15 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-40871 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-05-15 | N/A | 9.8 CRITICAL |
| Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. | |||||
| CVE-2022-40469 | 1 Ikuai8 | 1 Ikuaios | 2025-05-15 | N/A | 8.8 HIGH |
| iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. | |||||
| CVE-2023-5677 | 1 Axis | 22 M3024-lve, M3024-lve Firmware, M3025-ve and 19 more | 2025-05-15 | N/A | 6.3 MEDIUM |
| Brandon Rothel from QED Secure Solutions and Sam Hanson of Dragos have found that the VAPIX API tcptest.cgi did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. The impact of exploiting this vulnerability is lower with operator-privileges compared to administrator-privileges service accounts. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-46076 | 1 Ruoyi | 1 Ruoyi | 2025-05-15 | N/A | 9.8 CRITICAL |
| RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. | |||||
| CVE-2025-2377 | 1 Janobe | 1 Vehicle Management System | 2025-05-14 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names. | |||||
| CVE-2025-4470 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-14 | 3.3 LOW | 2.4 LOW |
| A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2019-10173 | 2 Oracle, Xstream | 10 Banking Platform, Business Activity Monitoring, Communications Billing And Revenue Management Elastic Charging Engine and 7 more | 2025-05-14 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285) | |||||
| CVE-2025-4022 | 1 Webarena | 1 Webarena | 2025-05-14 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2015-2079 | 1 Webmin | 1 Usermin | 2025-05-14 | N/A | 9.9 CRITICAL |
| Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open. | |||||
| CVE-2025-2673 | 1 Fabian | 1 Payroll Management System | 2025-05-14 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2022-41576 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-14 | N/A | 7.8 HIGH |
| The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. | |||||
| CVE-2025-45857 | 2025-05-14 | N/A | 9.8 CRITICAL | ||
| EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function. | |||||
| CVE-2023-43958 | 1 Kishan0725 | 1 Hospital Management System | 2025-05-14 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code. | |||||
| CVE-2025-0794 | 1 Esafenet | 1 Cdg | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0795 | 1 Esafenet | 1 Cdg | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-41544 | 1 Get-simple | 1 Getsimple Cms | 2025-05-13 | N/A | 9.8 CRITICAL |
| GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php. | |||||