Search Results (14101 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-2170 1 Sonicwall 2 Sma1000, Sma1000 Firmware 2025-05-14 7.2 High
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location.
CVE-2025-2673 1 Fabian 1 Payroll Management System 2025-05-14 3.5 Low
A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2022-41477 1 Webidsupport 1 Webid 2025-05-14 9.1 Critical
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.
CVE-2022-41576 1 Huawei 2 Emui, Harmonyos 2025-05-14 7.8 High
The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices.
CVE-2024-10903 1 Managewp 1 Broken Link Checker 2025-05-14 4.7 Medium
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.
CVE-2023-43958 1 Kishan0725 1 Hospital Management System 2025-05-14 9.8 Critical
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.
CVE-2025-0794 1 Esafenet 1 Cdg 2025-05-13 3.5 Low
A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0795 1 Esafenet 1 Cdg 2025-05-13 3.5 Low
A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-41544 1 Get-simple 1 Getsimple Cms 2025-05-13 8.8 High
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
CVE-2025-44071 1 Seacms 1 Seacms 2025-05-13 9.8 Critical
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.
CVE-2024-57099 1 Classcms 1 Classcms 2025-05-13 9.8 Critical
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
CVE-2023-45859 1 Hazelcast 1 Hazelcast 2025-05-13 7.6 High
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster.
CVE-2024-25180 1 Pdfmake Project 1 Pdfmake 2025-05-13 9.8 Critical
An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers.
CVE-2024-26476 2 Mpdf Project, Open-emr 2 Mpdf, Openemr 2025-05-13 3.5 Low
An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.
CVE-2024-25293 1 Mjml 1 Mjml App 2025-05-13 9.3 Critical
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
CVE-2025-25944 1 Axiosys 1 Bento4 2025-05-13 7.3 High
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the Ap4RtpAtom.cpp, specifically in AP4_RtpAtom::AP4_RtpAtom, during the execution of mp4fragment with a crafted MP4 input file.
CVE-2025-25943 1 Axiosys 1 Bento4 2025-05-13 7.8 High
Buffer Overflow vulnerability in Bento4 v.1.6.0-641 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp.
CVE-2025-0483 1 Native-php-cms Project 1 Native-php-cms 2025-05-13 3.5 Low
A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0480 1 Wuzhicms 1 Wuzhicms 2025-05-13 4.3 Medium
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-23376 1 Dell 1 Powerprotect Data Manager 2025-05-13 2.3 Low
Dell PowerProtect Data Manager Reporting, version(s) 19.16, 19.17, 19.18, contain(s) an Improper Neutralization of Special Elements Used in a Template Engine vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure.