Search Results (121024 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31010 1 Sem-cms 1 Semcms 2025-04-04 7.5 High
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
CVE-2022-47318 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Satellite and 1 more 2025-04-04 8.8 High
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
CVE-2022-39195 1 Lsoft 1 Listserv 2025-04-04 6.1 Medium
A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.
CVE-2021-36630 1 Ruckuswireless 8 Sz-100, Sz-100 Firmware, Sz-144 and 5 more 2025-04-04 7.5 High
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request.
CVE-2024-31012 1 Sem-cms 1 Semcms 2025-04-04 9.8 Critical
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
CVE-2024-53635 1 Phpgurukul 1 Covid19 Testing Management System 2025-04-04 4.8 Medium
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter.
CVE-2025-1850 1 Codezips 1 College Management System 2025-04-04 7.3 High
A vulnerability, which was classified as critical, has been found in Codezips College Management System 1.0. Affected by this issue is some unknown functionality of the file /university.php. The manipulation of the argument book_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-0513 1 Iteachyou 1 Dreamer Cms 2025-04-04 3.5 Low
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.
CVE-2023-2473 1 Iteachyou 1 Dreamer Cms 2025-04-04 4.3 Medium
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.
CVE-2023-4743 1 Iteachyou 1 Dreamer Cms 2025-04-04 3.1 Low
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic. Affected is an unknown function of the file /upload/ueditorConfig?action=config. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238632. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-1746 1 Iteachyou 1 Dreamer Cms 2025-04-04 3.5 Low
A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.
CVE-2023-0287 1 Favorites-web Project 1 Favorites-web 2025-04-04 3.5 Low
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.
CVE-2023-0281 1 Online Flight Booking Management System Project 1 Online Flight Booking Management System 2025-04-04 6.3 Medium
A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218276.
CVE-2024-11004 1 Ivanti 2 Connect Secure, Policy Secure 2025-04-04 6.1 Medium
Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2024-4790 1 Dedecms 1 Dedecms 2025-04-04 4.3 Medium
A vulnerability classified as problematic has been found in DedeCMS 5.7.114. This affects an unknown part of the file /sys_verifies.php?action=view. The manipulation of the argument filename with the input ../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263889 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-32349 1 Totolink 2 X5000r, X5000r Firmware 2025-04-04 6 Medium
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.
CVE-2024-32350 1 Totolink 2 X5000r, X5000r Firmware 2025-04-04 8.8 High
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.
CVE-2024-32351 1 Totolink 2 X5000r, X5000r Firmware 2025-04-04 8.8 High
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.
CVE-2024-32352 1 Totolink 2 X5000r, X5000r Firmware 2025-04-04 8.8 High
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
CVE-2023-40493 1 Lg 1 Simple Editor 2025-04-04 9.8 Critical
LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copySessionFolder command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19920.