Total
291504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42455 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2025-04-24 | 8.1 High |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | ||||
| CVE-2024-42456 | 1 Veeam | 2 Backup And Replication, Veeam Backup \& Replication | 2025-04-24 | 8.8 High |
| A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | ||||
| CVE-2024-42457 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-24 | 6.5 Medium |
| A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | ||||
| CVE-2024-37547 | 1 Livemesh | 1 Elementor Addons | 2025-04-24 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0. | ||||
| CVE-2023-2603 | 4 Debian, Fedoraproject, Libcap Project and 1 more | 5 Debian Linux, Fedora, Libcap and 2 more | 2025-04-24 | 7.8 High |
| A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | ||||
| CVE-2024-0864 | 2 Laragon, Leokhoa | 2 Laragon, Laragon | 2025-04-24 | 9.8 Critical |
| Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. | ||||
| CVE-2024-45204 | 1 Veeam | 1 Veeam Backup \& Replication | 2025-04-24 | 4.3 Medium |
| A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. | ||||
| CVE-2024-54927 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.2 High |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | ||||
| CVE-2024-54928 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | 7.2 High |
| kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | ||||
| CVE-2024-41446 | 1 Alkacon | 1 Opencms | 2025-04-24 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. | ||||
| CVE-2024-42699 | 1 Alkacon | 1 Opencms | 2025-04-24 | 6.5 Medium |
| Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field | ||||
| CVE-2025-28121 | 1 Code-projects | 1 Online Exam Mastering System | 2025-04-24 | 6.1 Medium |
| code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code. | ||||
| CVE-2025-29287 | 1 Mingsoft | 1 Mcms | 2025-04-24 | 9.8 Critical |
| An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2025-43919 | 1 Gnu | 1 Mailman | 2025-04-24 | 5.8 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter. | ||||
| CVE-2025-43920 | 1 Gnu | 1 Mailman | 2025-04-24 | 5.4 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), in certain external archiver configurations, allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line. | ||||
| CVE-2025-43921 | 1 Gnu | 1 Mailman | 2025-04-24 | 5.3 Medium |
| GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. | ||||
| CVE-2025-44135 | 2025-04-24 | 6.5 Medium | ||
| A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks. | ||||
| CVE-2025-44134 | 2025-04-24 | 6.5 Medium | ||
| A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks. | ||||
| CVE-2025-29568 | 2025-04-24 | 4.8 Medium | ||
| A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS). | ||||
| CVE-2025-28028 | 2025-04-24 | 7.3 High | ||
| TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter. | ||||