Total
4542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44071 | 1 Seacms | 1 Seacms | 2025-05-13 | N/A | 9.8 CRITICAL |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2024-57099 | 1 Classcms | 1 Classcms | 2025-05-13 | N/A | 9.8 CRITICAL |
| ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server. | |||||
| CVE-2025-43010 | 2025-05-13 | N/A | 8.3 HIGH | ||
| SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application. | |||||
| CVE-2024-25180 | 1 Pdfmake Project | 1 Pdfmake | 2025-05-13 | N/A | 9.8 CRITICAL |
| An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | |||||
| CVE-2024-25293 | 1 Mjml | 1 Mjml App | 2025-05-13 | N/A | 9.3 CRITICAL |
| mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. | |||||
| CVE-2025-25944 | 1 Axiosys | 1 Bento4 | 2025-05-13 | N/A | 7.3 HIGH |
| Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file. | |||||
| CVE-2025-25943 | 1 Axiosys | 1 Bento4 | 2025-05-13 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. | |||||
| CVE-2025-0483 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-23376 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 2.3 LOW |
| Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2025-44022 | 2025-05-12 | N/A | 9.8 CRITICAL | ||
| An issue in vvveb CMS v.1.0.6 allows a remote attacker to execute arbitrary code via the Plugin mechanism. | |||||
| CVE-2023-42404 | 1 Onevision | 1 Workspace | 2025-05-12 | N/A | 4.9 MEDIUM |
| OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution. | |||||
| CVE-2025-46579 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | N/A | 8.4 HIGH |
| There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed. | |||||
| CVE-2025-3994 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3995 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-12 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46661 | 1 Ipwsystems | 1 Metazo | 2025-05-12 | N/A | 10.0 CRITICAL |
| IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. All instances have been patched by the Supplier. | |||||
| CVE-2025-3958 | 1 Withstars | 1 Books-management-system | 2025-05-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3961 | 1 Withstars | 1 Books-management-system | 2025-05-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0. This affects an unknown part of the file /admin/article/add/do. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3962 | 1 Withstars | 1 Books-management-system | 2025-05-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3965 | 1 Itwanger | 1 Paicoding | 2025-05-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /article/app/post. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3970 | 1 Jsite | 1 Jsite | 2025-05-12 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||