Total: 4858 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-32801 | 1 Redhat | 1 Enterprise Linux | 2025-05-29 | 7.8 High |
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | ||||
CVE-2022-41138 | 1 Zutty Project | 1 Zutty | 2025-05-29 | 9.8 Critical |
In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution. | ||||
CVE-2022-3242 | 1 Microweber | 1 Microweber | 2025-05-29 | 6.1 Medium |
Code Injection in GitHub repository microweber/microweber prior to 1.3.2. | ||||
CVE-2024-48061 | 1 Langflow | 1 Langflow | 2025-05-28 | 9.8 Critical |
langflow <=1.0.18 is vulnerable to Remote Code Execution (RCE) as any component provided the code functionality and the components run on the local machine rather than in a sandbox. | ||||
CVE-2025-28146 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-28 | 9.8 Critical |
Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a command injection vulnerability via fota_url in /boafrm/formLtefotaUpgradeQuectel. | ||||
CVE-2024-50704 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | 10 Critical |
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. | ||||
CVE-2024-50707 | 1 Uniguest | 1 Tripleplay | 2025-05-28 | 10 Critical |
Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via the X-Forwarded-For header in an HTTP GET request. | ||||
CVE-2025-2061 | 1 Fabianros | 1 Online Ticket Reservation System | 2025-05-28 | 4.3 Medium |
A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-0961 | 1 Anisha | 1 Job Recruitment | 2025-05-28 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in code-projects Job Recruitment 1.0. Affected by this issue is some unknown functionality of the file /_parse/load_job-details.php. The manipulation of the argument business_stream_name/company_website_url leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-0348 | 1 Campcodes | 1 Deped Equipment Inventory System | 2025-05-28 | 3.5 Low |
A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2022-28640 | 2 Hp, Hpe | 77 Apollo 4200 Gen10 Server, Apollo 4500, Apollo R2000 Chassis and 74 more | 2025-05-28 | 8.8 High |
A potential local adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. Hewlett Packard Enterprise has provided updated firmware for HPE Integrated Lights-Out 5 (iLO 5) that addresses this security vulnerability. | ||||
CVE-2025-4745 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3996 | 1 Totolink | 2 N150rt, N150rt Firmware | 2025-05-28 | 2.4 Low |
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4744 | 1 Fabian | 1 Employee Record System | 2025-05-28 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4939 | 1 Phpgurukul | 1 Credit Card Application Management System | 2025-05-28 | 4.3 Medium |
A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2021-21353 | 1 Pugjs | 2 Pug, Pug-code-gen | 2025-05-27 | 6.8 Medium |
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | ||||
CVE-2024-48655 | 1 Totaljs | 2 Total.js, Total.js Cms | 2025-05-27 | 8.8 High |
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. | ||||
CVE-2022-3245 | 1 Microweber | 1 Microweber | 2025-05-27 | 6.1 Medium |
HTML injection attack is closely related to Cross-site Scripting (XSS). HTML injection uses HTML to deface the page. XSS, as the name implies, injects JavaScript into the page. Both attacks exploit insufficient validation of user input. | ||||
CVE-2022-26112 | 1 Apache | 1 Pinot | 2025-05-27 | 9.8 Critical |
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0 | ||||
CVE-2023-44857 | 1 Cobham | 3 Sailor 600 Vsat Ku, Sailor 600 Vsat Ku Firmware, Sailor Vsat Ku | 2025-05-27 | 8.1 High |
An issue in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the sub_21D24 function in the acu_web component. |