Search Results (120989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-2639 1 Jizhicms 1 Jizhicms 2025-03-28 4.3 Medium
A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-51456 2 Ibm, Microsoft 2 Robotic Process Automation, Windows 2025-03-28 5.9 Medium
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks.
CVE-2024-57686 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.
CVE-2024-57687 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter.
CVE-2024-34089 2 Archer, Archerirm 2 Platform, Archer 2025-03-28 7.3 High
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.
CVE-2025-0625 1 Campcodes 1 School Management Software 2025-03-28 3.1 Low
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. This affects an unknown part of the component Attachment Handler. The manipulation leads to improper control of resource identifiers. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2025-25389 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
A SQL Injection vulnerability was found in /admin/forgot-password.php in Phpgurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter.
CVE-2025-23057 1 Arubanetworks 1 Fabric Composer 2025-03-28 5.5 Medium
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23056 1 Arubanetworks 1 Fabric Composer 2025-03-28 5.5 Medium
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23055 1 Arubanetworks 1 Fabric Composer 2025-03-28 5.5 Medium
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-25388 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
A SQL Injection vulnerability was found in /admin/edit-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the editid GET request parameter.
CVE-2025-25387 1 Phpgurukul 1 Land Record System 2025-03-28 7.2 High
A SQL Injection vulnerability was found in /admin/manage-propertytype.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
CVE-2025-1159 1 Campcodes 1 School Management Software 2025-03-28 3.5 Low
A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-46429 1 Tenda 2 W18e, W18e Firmware 2025-03-28 8.8 High
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
CVE-2022-44715 1 Netscout 1 Ngeniusone 2025-03-28 8.8 High
Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.
CVE-2020-36658 2 Debian, Lemonldap-ng 2 Debian Linux, Apache\ 2025-03-28 8.1 High
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
CVE-2025-23058 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 8.8 High
A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
CVE-2025-23059 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 6.8 Medium
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
CVE-2025-25039 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-28 4.7 Medium
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVE-2024-42599 1 Seacms 1 Seacms 2025-03-28 8.8 High
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.