Total
5242 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0788 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 8.1 High |
| Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0792 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-21 | 6.5 Medium |
| Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2024-52393 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-21 | 9.1 Critical |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15. | ||||
| CVE-2024-32680 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-20 | 8.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. | ||||
| CVE-2025-26260 | 2025-03-19 | 8.8 High | ||
| Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution. | ||||
| CVE-2023-22855 | 1 Kardex | 1 Kardex Control Center | 2025-03-19 | 9.8 Critical |
| Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. | ||||
| CVE-2024-39864 | 2 Apache, Apache Software Foundation | 2 Cloudstack, Apache Cloudstack | 2025-03-19 | 9.8 Critical |
| The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue. | ||||
| CVE-2025-26264 | 2025-03-19 | 8.8 High | ||
| GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise. | ||||
| CVE-2025-24159 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-19 | 7.8 High |
| A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2024-41623 | 2 D3dsecurity, Ezviz | 3 D8801, D8801 Firmware, Internet Pt Camera | 2025-03-18 | 9.8 Critical |
| An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload | ||||
| CVE-2021-33949 | 1 Wms Project | 1 Wms | 2025-03-18 | 9.8 Critical |
| An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. | ||||
| CVE-2023-49109 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 9.8 Critical |
| Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. | ||||
| CVE-2023-24078 | 1 Realtimelogic | 1 Fuguhub | 2025-03-18 | 8.8 High |
| Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. | ||||
| CVE-2024-54448 | 2025-03-18 | N/A | ||
| The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC. | ||||
| CVE-2024-31807 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-18 | 9.8 Critical |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function. | ||||
| CVE-2023-0877 | 1 Froxlor | 1 Froxlor | 2025-03-18 | 8.8 High |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. | ||||
| CVE-2024-43202 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 9.8 Critical |
| Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue. | ||||
| CVE-2021-26277 | 2 Google, Vivo | 2 Android, Frame Service | 2025-03-18 | 5.6 Medium |
| The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | ||||
| CVE-2025-2491 | 2025-03-18 | 2.4 Low | ||
| A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-24114 | 1 Typecho | 1 Typecho | 2025-03-18 | 9.8 Critical |
| typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. | ||||