Search Results (14105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-5133 1 Project Team 1 Tmall Demo 2025-06-03 4.3 Medium
A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5181 1 Summerpearlgroup 1 Vacation Rental Management Platform 2025-06-03 3.5 Low
A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-5179 1 Realcetecnologia 1 Queue Ticket Kiosk 2025-06-03 2.4 Low
A vulnerability classified as problematic was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected by this vulnerability is an unknown functionality of the file /adm/index.php of the component Cadastro de Administrador Page. The manipulation of the argument Name/Usuário leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5177 1 Realcetecnologia 1 Queue Ticket Kiosk 2025-06-03 4.3 Medium
A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-49471 1 Barassistant 1 Bar Assistant 2025-06-03 8.8 High
Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.
CVE-2023-5138 1 Silabs 1 Gecko Software Development Kit 2025-06-03 6.8 Medium
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
CVE-2024-0304 1 Youke365 1 Youke 365 2025-06-03 6.3 Medium
A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.
CVE-2024-0308 1 Inis Project 1 Inis 2025-06-03 6.3 Medium
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875.
CVE-2024-21737 1 Sap 1 Application Interface Framework 2025-06-03 8.4 High
In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.
CVE-2023-42797 1 Siemens 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more 2025-06-03 6.6 Medium
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup.
CVE-2024-32358 1 Jpress 1 Jpress 2025-06-03 7.5 High
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.
CVE-2023-51804 1 Rymcu 1 Forest 2025-06-03 7.5 High
An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.
CVE-2023-43449 1 Hummerrisk 1 Hummerrisk 2025-06-03 8.8 High
An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.
CVE-2023-6735 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2025-06-03 8.8 High
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges
CVE-2023-31032 1 Nvidia 2 Dgx A100, Dgx A100 Firmware 2025-06-03 7.5 High
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service.
CVE-2024-0315 1 Fireeye 1 Central Management 2025-06-03 6.6 Medium
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.
CVE-2025-5150 1 Linuxfoundation 1 Docarray 2025-06-03 6.3 Medium
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5151 1 Defog 1 Introspect 2025-06-03 5.3 Medium
A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is named 502. It is recommended to apply a patch to fix this issue. The code maintainer explains, that "[they] have added some workarounds to address this in #502, but will not be implementing a full fix. This is because this repo is meant to be run in a docker environment, which will significantly mitigate potential security risks. Having said that, we have added a SECURITY section in our README to make this clearer to users."
CVE-2025-5153 1 Cmsmadesimple 1 Cms Made Simple 2025-06-03 3.5 Low
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-1015 1 Se-elektronic 2 E-ddc3.3, E-ddc3.3 Firmware 2025-06-02 9.8 Critical
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.