Total: 290937 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2021-40617 | 1 Os4ed | 1 Opensis | 2025-04-16 | 9.8 Critical | An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
CVE-2021-36631 | 1 Baidu | 1 Baidunetdisk | 2025-04-16 | 6.7 Medium | Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2021-27289 | | | 2025-04-16 | 9.1 Critical | A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism, based on the frame counter field, is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network.
CVE-2020-5504 | 3 Debian, Phpmyadmin, Suse | 3 Debian Linux, Phpmyadmin, Suse Linux Enterprise Server | 2025-04-16 | 8.8 High | In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVE-2020-29607 | 1 Pluck-cms | 1 Pluck | 2025-04-16 | 7.2 High | A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.
CVE-2020-20969 | 1 Pluck-cms | 1 Pluck | 2025-04-16 | 7.2 High | File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
CVE-2020-15718 | 1 Rosariosis | 1 Rosariosis | 2025-04-16 | 6.1 Medium | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. A remote attacker could exploit this vulnerability using the include_inactive parameter in a crafted URL.
CVE-2020-15716 | 1 Rosariosis | 1 Rosariosis | 2025-04-16 | 6.1 Medium | RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. A remote attacker could exploit this vulnerability using the tab parameter in a crafted URL.
CVE-2020-15685 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel Eus | 2025-04-16 | 8.8 High | During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.
CVE-2019-25024 | 1 Alleghenycreative | 1 Openrepeater | 2025-04-16 | 9.8 Critical | OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter.
CVE-2019-16693 | 1 Phpipam | 1 Phpipam | 2025-04-16 | 9.8 Critical | phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.
CVE-2018-25080 | 1 Mobiledetect | 1 Mobiledetect | 2025-04-16 | 3.5 Low | A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability.
CVE-2017-15808 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-16 | N/A | In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2024-57546 | 1 Cmsimple | 1 Cmsimple | 2025-04-16 | 7.5 High | An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
CVE-2024-54818 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-16 | 8.8 High | SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list.
CVE-2024-46603 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 7.5 High | An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.
CVE-2024-46602 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 7.5 High | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload.
CVE-2024-46601 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 7.5 High | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow.
CVE-2025-31933 | | | 2025-04-16 | 5.3 Medium | An unauthenticated attacker can check the existence of usernames in the system by querying an API.
CVE-2025-31357 | | | 2025-04-16 | 5.3 Medium | An unauthenticated attacker can obtain a user's plant list by knowing the username.