Search Results (14107 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1799 1 Skycaiji 1 Skycaiji 2025-06-12 6.3 Medium
A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3005 1 Forestblog Project 1 Forestblog 2025-06-12 3.5 Low
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3004 1 Forestblog Project 1 Forestblog 2025-06-12 3.5 Low
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-31116 1 Opensecurity 1 Mobile Security Framework 2025-06-12 4.4 Medium
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. This vulnerability is fixed in 4.3.2.
CVE-2025-4256 1 Seacms 1 Seacms 2025-06-12 3.5 Low
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-45887 1 Wanglongcn 1 Yifang 2025-06-12 9.1 Critical
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
CVE-2025-4866 1 Weibo 1 Rill-flow 2025-06-12 6.3 Medium
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-28203 1 Govicture 2 Rx1800, Rx1800 Firmware 2025-06-12 8.8 High
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.
CVE-2025-5796 1 Code-projects 1 Simple Laundry System 2025-06-12 3.5 Low
A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5797 1 Code-projects 1 Simple Laundry System 2025-06-12 3.5 Low
A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-39323 3 Fedoraproject, Golang, Redhat 3 Fedora, Go, Enterprise Linux 2025-06-12 8.1 High
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
CVE-2023-5044 1 Kubernetes 1 Ingress-nginx 2025-06-12 7.6 High
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
CVE-2022-31860 1 Openremote 1 Openremote 2025-06-12 9.8 Critical
An issue was discovered in OpenRemote through 1.0.4 allows attackers to execute arbitrary code via a crafted Groovy rule.
CVE-2025-25065 1 Synacor 1 Zimbra Collaboration Suite 2025-06-11 5.3 Medium
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
CVE-2023-6991 1 Surniaulula 1 Jsm File Get Contents\(\) Shortcode 2025-06-11 8.8 High
The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with contributor role and above to perform SSRF attacks.
CVE-2023-42833 2 Apple, Redhat 6 Ipados, Iphone Os, Macos and 3 more 2025-06-11 8.8 High
A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution.
CVE-2023-33472 1 Scada-lts 1 Scada-lts 2025-06-11 8.8 High
An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function.
CVE-2024-6584 1 Automattic 1 Jetpack Boost 2025-06-11 9.1 Critical
The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs.
CVE-2024-33117 1 Crmeb 1 Crmeb Java 2025-06-11 5.3 Medium
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
CVE-2024-3931 1 Totara 2 Enterprise Lms, Totara 2025-06-10 3.5 Low
A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 and 18.8 is able to address this issue. It is recommended to upgrade the affected component.