Filtered by CWE-94
Total 5148 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1706 1 Zkteco 1 Zkbio Access Ivs 2025-08-22 3.5 Low
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input <marquee>hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor explains: "ZKBio Access IVS is no longer maintained and the product has been replaced by ZKBio CVAccess, it is recommended to replace it with the latest version of ZKBio CVAccess." This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-45271 4 Helmholz, Mb Connect Line, Mbconnectline and 1 more 6 Rex 100, Rex 100 Firmware, Mbnet.mini and 3 more 2025-08-22 8.4 High
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.
CVE-2024-43393 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2025-08-22 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.
CVE-2024-43392 1 Phoenixcontact 60 Fl Mguard Centerport Vpn-1000, Fl Mguard Centerport Vpn-1000 Firmware, Fl Mguard Core Tx and 57 more 2025-08-22 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.
CVE-2024-43391 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2025-08-22 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.
CVE-2024-43390 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2025-08-22 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.
CVE-2024-43389 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2025-08-22 8.1 High
A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.
CVE-2024-43388 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2025-08-22 8.8 High
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.
CVE-2025-9017 1 Phpgurukul 1 Zoo Management System 2025-08-21 4.3 Medium
A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5309 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2025-08-21 9.8 Critical
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
CVE-2025-54466 1 Apache 1 Ofbiz 2025-08-21 6.3 Medium
Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue.
CVE-2025-9167 1 Solidinvoice 1 Solidinvoice 2025-08-21 3.5 Low
A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9168 1 Solidinvoice 1 Solidinvoice 2025-08-21 3.5 Low
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9169 1 Solidinvoice 1 Solidinvoice 2025-08-21 3.5 Low
A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9170 1 Solidinvoice 1 Solidinvoice 2025-08-21 3.5 Low
A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9171 1 Solidinvoice 1 Solidinvoice 2025-08-21 3.5 Low
A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9119 1 Netis-systems 2 Wf2419, Wf2419 Firmware 2025-08-21 2.4 Low
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-50567 1 Saurus 1 Saurus Cms 2025-08-21 10 Critical
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution.
CVE-2025-48169 2 Jordy Meow, Wordpress 2 Code Engine, Wordpress 2025-08-21 9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3.
CVE-2025-9145 1 Scada-lts 1 Scada-lts 2025-08-21 3.5 Low
A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.