Search Results (120973 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-45701 1 Commscope 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more 2025-03-18 8.8 High
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
CVE-2024-31807 1 Totolink 2 Ex200, Ex200 Firmware 2025-03-18 9.8 Critical
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the hostTime parameter in the NTPSyncWithHost function.
CVE-2024-31808 1 Totolink 2 Ex200, Ex200 Firmware 2025-03-18 8.8 High
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function.
CVE-2024-31809 1 Totolink 2 Ex200, Ex200 Firmware 2025-03-18 8.8 High
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
CVE-2024-31811 1 Totolink 2 Ex200, Ex200 Firmware 2025-03-18 8.0 High
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function.
CVE-2024-43202 1 Apache 1 Dolphinscheduler 2025-03-18 9.8 Critical
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
CVE-2023-23836 1 Solarwinds 1 Orion Platform 2025-03-18 7.2 High
SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
CVE-2023-0918 1 Pharmacy Management System Project 1 Pharmacy Management System 2025-03-18 6.3 Medium
A vulnerability has been found in codeprojects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file add.php of the component Avatar Image Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221494 is the identifier assigned to this vulnerability.
CVE-2024-37675 1 Tessi 1 Docubase 2025-03-18 5.4 Medium
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file.
CVE-2023-6123 1 Opentext 1 Alm Octane 2025-03-18 7.5 High
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
CVE-2023-24114 1 Typecho 1 Typecho 2025-03-18 9.8 Critical
typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php.
CVE-2023-23453 1 Sick 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gent00010 and 1 more 2025-03-18 9.8 Critical
Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
CVE-2023-23452 1 Sick 4 Fx0-gpnt00000, Fx0-gpnt00000 Firmware, Fx0-gpnt00010 and 1 more 2025-03-18 9.8 Critical
Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.
CVE-2022-38220 1 Quest 1 Kace Systems Management Appliance 2025-03-18 6.1 Medium
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
CVE-2023-0840 1 Phpcrazy Project 1 Phpcrazy 2025-03-18 3.5 Low
A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability.
CVE-2024-34091 1 Archerirm 1 Archer 2025-03-18 7.3 High
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release.
CVE-2023-0862 1 Netmodule 10 Nb1601, Nb1800, Nb1810 and 7 more 2025-03-18 7.2 High
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
CVE-2022-3843 1 Wago 2 852-111\/000-001, 852-111\/000-001 Firmware 2025-03-18 9.1 Critical
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a limited set of parameters.
CVE-2024-3172 1 Google 1 Chrome 2025-03-18 8.8 High
Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2025-29387 1 Tenda 2 Ac9, Ac9 Firmware 2025-03-17 7.1 High
In Tenda AC9 v1.0 V15.03.05.14_multi, the wanSpeed parameter of /goform/AdvSetMacMtuWan has a stack overflow vulnerability, which can lead to remote arbitrary code execution.