Total: 4910 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-7148 | | | 2025-07-08 | 3.5 Low |
A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | ||||
CVE-2025-7109 | | | 2025-07-08 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-7110 | | | 2025-07-08 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-7111 | | | 2025-07-08 | 3.5 Low |
A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-7112 | | | 2025-07-08 | 3.5 Low |
A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-7182 | | | 2025-07-08 | 4.3 Medium |
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6744 | | | 2025-07-08 | 7.3 High |
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shortcode() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
CVE-2025-42967 | | | 2025-07-08 | 9.9 Critical |
SAP S/4HANA and SAP SCM Characteristic Propagation has a remote code execution vulnerability. This allows an attacker with user-level privileges to create a new report with his own code, potentially gaining full control of the affected SAP system and causing high impact on confidentiality, integrity, and availability of the application. | ||||
CVE-2024-8581 | 1 Lollms | 1 Lollms Web Ui | 2025-07-08 | N/A |
A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Traversal error. | ||||
CVE-2024-49048 | 1 Microsoft | 1 Torchgeo | 2025-07-08 | 8.1 High |
TorchGeo Remote Code Execution Vulnerability | ||||
CVE-2025-6551 | 1 Java-aodeng | 1 Hope-boot | 2025-07-08 | 3.5 Low |
A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-39002 | 2 Richardrodger, Rjrodger | 2 Jsonic, Jsonic-next | 2025-07-07 | 6.3 Medium |
rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
CVE-2024-56518 | 1 Hazelcast | 1 Management Center | 2025-07-07 | 9.8 Critical |
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | ||||
CVE-2025-25680 | 1 Lsc | 2 Ptz Dual Band Camera, Ptz Dual Band Camera Firmware | 2025-07-07 | 7.7 High |
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera. | ||||
CVE-2024-35314 | 1 Mitel | 3 Micollab, Mivoice Business Solution Virtual Instance, Mivoice Business Solutions Virtual Instance | 2025-07-07 | 9.8 Critical |
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts. | ||||
CVE-2024-35315 | 1 Mitel | 3 Micollab, Mivoice Business, Mivoice Business Solution Virtual Instance | 2025-07-07 | 5.6 Medium |
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. | ||||
CVE-2024-33394 | 1 Kubevirt | 1 Kubevirt | 2025-07-07 | 5.9 Medium |
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||||
CVE-2024-9050 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-07-05 | 7.8 High |
A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, which uses a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. | ||||
CVE-2024-3892 | 1 Progress | 1 Telerik Ui For Winforms | 2025-07-03 | 7.2 High |
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. | ||||
CVE-2025-49521 | 1 Redhat | 3 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside | 2025-07-03 | 8.8 High |
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft. |