Search Results (120938 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5351 1 Anji-plus 1 Aj-report 2025-03-01 6.3 Medium
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.
CVE-2024-5353 1 Anji-plus 1 Aj-report 2025-03-01 6.3 Medium
A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.
CVE-2024-5354 1 Anji-plus 1 Aj-report 2025-03-01 4.3 Medium
A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.
CVE-2024-5355 1 Anji-plus 1 Aj-report 2025-03-01 6.3 Medium
A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267.
CVE-2024-12960 1 1000projects 1 Portfolio Management System Mca 2025-02-28 7.3 High
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. This issue affects some unknown processing of the file /update_edu_details.php. The manipulation of the argument q leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0753 1 Axiosys 1 Bento4 2025-02-28 6.3 Medium
A vulnerability classified as critical was found in Axiomatic Bento4 up to 1.6.0. This vulnerability affects the function AP4_StdcFileByteStream::ReadPartial of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0751 1 Axiosys 1 Bento4 2025-02-28 6.3 Medium
A vulnerability classified as critical has been found in Axiomatic Bento4 up to 1.6.0. This affects the function AP4_BitReader::ReadBits of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0973 1 Cmseasy 1 Cmseasy 2025-02-28 5.4 Medium
A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0870 1 Axiosys 1 Bento4 2025-02-28 5.6 Medium
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4_DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVE-2023-36887 1 Microsoft 1 Edge Chromium 2025-02-28 7.8 High
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2023-33157 1 Microsoft 1 Sharepoint Server 2025-02-28 8.8 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2023-33131 1 Microsoft 4 Office, Office Long Term Servicing Channel, Outlook and 1 more 2025-02-28 8.8 High
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2022-42499 1 Google 1 Android 2025-02-28 9.8 Critical
In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242001391References: N/A
CVE-2022-42498 1 Google 1 Android 2025-02-28 9.8 Critical
In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240662453References: N/A
CVE-2021-40487 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-02-28 8.1 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-40485 1 Microsoft 7 365 Apps, Excel, Office and 4 more 2025-02-28 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-31949 1 Microsoft 3 365 Apps, Office, Outlook 2025-02-28 7.3 High
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2021-31198 1 Microsoft 1 Exchange Server 2025-02-28 7.8 High
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2021-31181 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-02-28 8.8 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2023-21732 1 Microsoft 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more 2025-02-28 8.8 High
Microsoft ODBC Driver Remote Code Execution Vulnerability