Total
4663 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3392 | 1 Hailey888 | 1 Oa System | 2025-05-07 | 3.5 Low |
| A vulnerability was found in hailey888 oa_system up to 2025.01.01 and classified as problematic. Affected by this issue is the function Save of the file cn/gson/oasys/controller/mail/MailController.java of the component Backend. The manipulation of the argument MailNumberId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-13861 | 2 Debian, Sophos | 2 Debian Linux, Taegis Endpoint Agent | 2025-05-07 | 7.8 High |
| A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected. | ||||
| CVE-2025-3248 | 1 Langflow | 1 Langflow | 2025-05-07 | 9.8 Critical |
| Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | ||||
| CVE-2024-54997 | 1 Monicahq | 1 Monica | 2025-05-07 | 5.4 Medium |
| MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit. | ||||
| CVE-2024-54996 | 1 Monicahq | 1 Monica | 2025-05-07 | 8.8 High |
| MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create. | ||||
| CVE-2024-48168 | 2 D-link, Dlink | 3 Dcs 960l, Dcs-960l, Dcs-960l Firmware | 2025-05-07 | 9.8 Critical |
| A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-960L 1.09, allowing an attacker to execute arbitrary code. | ||||
| CVE-2021-26731 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 9.1 Critical |
| Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26729 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 10 Critical |
| Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26727 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 10 Critical |
| Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2022-3394 | 1 Soflyy | 1 Wp All Export | 2025-05-07 | 7.2 High |
| The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | ||||
| CVE-2020-21016 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2025-05-07 | 9.8 Critical |
| D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php. | ||||
| CVE-2025-4292 | 2025-05-07 | 2.4 Low | ||
| A vulnerability has been found in MRCMS 3.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/user/edit.do of the component Edit User Page. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-44071 | 2025-05-07 | 9.8 Critical | ||
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2025-2802 | 2025-05-07 | 7.3 High | ||
| The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-4323 | 2025-05-07 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4325 | 2025-05-07 | 2.4 Low | ||
| A vulnerability has been found in MRCMS 3.1.2 and classified as problematic. This vulnerability affects unknown code of the file /admin/category/add.do of the component Category Management Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4293 | 2025-05-07 | 2.4 Low | ||
| A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4326 | 2025-05-07 | 2.4 Low | ||
| A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects some unknown processing of the file /admin/chip/add.do of the component Add Fragment Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4324 | 2025-05-07 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in MRCMS 3.1.2. This affects an unknown part of the file /admin/link/edit.do of the component External Link Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-49362 | 2 Joplin Project, Joplinapp | 2 Joplin, Joplin | 2025-05-07 | 7.7 High |
| Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. | ||||