Search Results (14091 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4116 2 Quarkus, Redhat 3 Quarkus, Build Of Quarkus, Quarkus 2025-04-29 9.8 Critical
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
CVE-2025-29064 1 Totolink 2 X18, X18 Firmware 2025-04-29 9.8 Critical
An issue in TOTOLINK x18 v.9.1.0cu.2024_B20220329 allows a remote attacker to execute arbitrary code via the sub_410E54 function of the cstecgi.cgi.
CVE-2022-44786 1 Maggioli 1 Appalti \& Contratti 2025-04-29 7.5 High
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications allow Local File Inclusion in any page relying on the href parameter to specify the JSP page to be rendered. This affects ApriPagina.do POST and GET requests to each application.
CVE-2022-43183 1 Xuxueli 1 Xxl-job 2025-04-29 8.8 High
XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.
CVE-2022-40842 1 Ndk-design 1 Ndkadvancedcustomizationfields 2025-04-29 9.1 Critical
ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Server-side request forgery (SSRF) via rotateimg.php.
CVE-2022-45152 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2025-04-29 9.1 Critical
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVE-2022-44262 1 Ff4j 1 Ff4j 2025-04-29 9.8 Critical
ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).
CVE-2022-41158 2 Eyoom, Linux 2 Eyoom Builder, Linux Kernel 2025-04-29 7.2 High
Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.
CVE-2021-3661 1 Hp 40 Z1 All-in-one G3, Z1 All-in-one G3 Firmware, Z238 Microtower and 37 more 2025-04-29 8.4 High
A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.
CVE-2024-48579 2 Mayurik, Php 2 Best House Rental Management System, Best House Rental Management System 2025-04-28 9.8 Critical
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.
CVE-2024-33868 2 Linqi, Microsoft 2 Linqi, Windows 2025-04-28 9.8 Critical
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
CVE-2024-33864 2 Linqi, Microsoft 2 Linqi, Windows 2025-04-28 5.9 Medium
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript.
CVE-2024-33863 2 Linqi, Microsoft 2 Linqi, Windows 2025-04-28 9.8 Critical
An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion.
CVE-2024-47219 1 Vesoft 2 Nebulagraph Database, Nebulagraph Studio 2025-04-28 9.8 Critical
An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection.
CVE-2024-46080 1 Scriptcase 1 Scriptcase 2025-04-28 8 High
Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function.
CVE-2024-40487 2 Kashipara, Lopalopa 2 Live Membership System, Live Membership System 2025-04-28 7.6 High
A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter.
CVE-2022-39833 1 Filecloud 1 Filecloud 2025-04-25 7.2 High
FileCloud Versions 20.2 and later allows remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request.
CVE-2022-45908 1 Paddlepaddle 1 Paddlepaddle 2025-04-25 9.8 Critical
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
CVE-2022-45907 1 Linuxfoundation 1 Pytorch 2025-04-25 9.8 Critical
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
CVE-2022-34354 2 Ibm, Linux 2 Partner Engagement Manager, Linux Kernel 2025-04-25 4 Medium
IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage of client data to be stored locally which can be read by another user on the system. IBM X-Force ID: 230424.