Total: 290937 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40328 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-15 | 6.3 Medium |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 | ||||
CVE-2024-40329 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-15 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup | ||||
CVE-2024-40331 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-15 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup | ||||
CVE-2024-40333 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-15 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2 | ||||
CVE-2024-40336 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-15 | 6.1 Medium |
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' | ||||
CVE-2025-21908 | 1 Linux | 1 Linux Kernel | 2025-04-15 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd induced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): [6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} [akpm@linux-foundation.org: fix build] | ||||
CVE-2025-21905 | 1 Linux | 1 Linux Kernel | 2025-04-15 | 7.1 High |
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have. | ||||
CVE-2024-33829 | 1 Idccms | 1 Idccms | 2025-04-15 | 5.4 Medium |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | ||||
CVE-2024-35010 | 1 Idccms | 1 Idccms | 2025-04-15 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6. | ||||
CVE-2024-35009 | 2 Idccms, Idccms Project | 2 Idccms, Idccms | 2025-04-15 | 8.8 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. | ||||
CVE-2024-33830 | 1 Idccms | 1 Idccms | 2025-04-15 | 8.1 High |
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | ||||
CVE-2025-1219 | 1 Php | 1 Php | 2025-04-15 | 5.3 Medium |
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations. | ||||
CVE-2024-30920 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 7.4 High |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. | ||||
CVE-2024-30921 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 5.4 Medium |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. | ||||
CVE-2024-30922 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 9.8 Critical |
SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. | ||||
CVE-2024-30923 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 9.8 Critical |
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. | ||||
CVE-2024-30924 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 4.6 Medium |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. | ||||
CVE-2024-30925 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 6.5 Medium |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. | ||||
CVE-2024-30926 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 4.6 Medium |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. | ||||
CVE-2024-30927 | 1 Derbynet | 1 Derbynet | 2025-04-15 | 6.3 Medium |
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. |