Total
4737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25197 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2025-04-16 | 9.8 Critical |
| A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | ||||
| CVE-2021-27446 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2025-04-16 | 10 Critical |
| The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | ||||
| CVE-2022-46070 | 1 Gv Asmanager | 1 Gv Asmanager | 2025-04-16 | 7.5 High |
| GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. | ||||
| CVE-2024-29500 | 1 Secure Lockdown | 1 Multi Application Edition | 2025-04-16 | 9.8 Critical |
| An issue in the kiosk mode of Secure Lockdown Multi Application Edition v2.00.219 allows attackers to execute arbitrary code via running a ClickOnce application instance. | ||||
| CVE-2025-27657 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. | ||||
| CVE-2025-27678 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001. | ||||
| CVE-2022-22763 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2022-22756 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2025-3688 | 2025-04-16 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-26996 | 2025-04-16 | 6.5 Medium | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Fetch Designs Sign-up Sheets allows Code Injection. This issue affects Sign-up Sheets: from n/a through 2.3.0.1. | ||||
| CVE-2025-0721 | 1 Needyamin | 1 Image Gallery Management System | 2025-04-16 | 4.3 Medium |
| A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3114 | 2025-04-15 | N/A | ||
| Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. | ||||
| CVE-2025-29281 | 2025-04-15 | 8.8 High | ||
| In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them. | ||||
| CVE-2025-3533 | 2025-04-15 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3532 | 2025-04-15 | 4.3 Medium | ||
| A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3554 | 2025-04-15 | 4.3 Medium | ||
| A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3612 | 2025-04-15 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3531 | 2025-04-15 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3560 | 2025-04-15 | 3.5 Low | ||
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3592 | 2025-04-15 | 3.5 Low | ||
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. The vendor was contacted early about this disclosure but did not respond in any way. | ||||