Total
5138 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-6695 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This issue affects some unknown processing of the file /html/matPat/adicionar_categoria.php of the component Additional Categoria. The manipulation of the argument Insira a nova categoria leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-6696 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been classified as problematic. Affected is an unknown function of the file /html/atendido/Cadastro_Atendido.php of the component Cadastro de Atendio. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-22615. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-6697 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-6698 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /html/matPat/adicionar_tipoSaida.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2025-6699 | 1 Wegia | 1 Wegia | 2025-07-01 | 3.5 Low |
A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/Sobrenome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2025-23030. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-37770 | 1 B1ackc4t | 1 14finger | 2025-07-01 | 9.1 Critical |
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | ||||
CVE-2024-23921 | 1 Chargepoint | 6 Home Flex Hardwired, Home Flex Hardwired Firmware, Home Flex Nema 14-50 Plug and 3 more | 2025-07-01 | 8.8 High |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. | ||||
CVE-2023-32559 | 2 Nodejs, Redhat | 4 Node.js, Nodejs, Enterprise Linux and 1 more | 2025-07-01 | 7.5 High |
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` to run arbitrary code outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | ||||
CVE-2025-28993 | | | 2025-06-30 | 8.6 High |
Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache allows Code Injection. This issue affects Content No Cache: from n/a through 0.1.3. | ||||
CVE-2024-32404 | 1 Inducer | 1 Relate | 2025-06-30 | 6 Medium |
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature. | ||||
CVE-2024-32406 | 2 Inducer, Inducer | 2 Relate, Relate | 2025-06-30 | 7.5 High |
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. | ||||
CVE-2024-39236 | 1 Gradio Project | 1 Gradio | 2025-06-27 | 9.8 Critical |
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself. | ||||
CVE-2025-6475 | 1 Razormist | 1 Student Result Management System | 2025-06-27 | 2.4 Low |
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/manage_students of the component Manage Students Module. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-6452 | 1 Codeastro | 1 Patient Record Management System | 2025-06-27 | 2.4 Low |
A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-22724 | 1 Oscommerce | 1 Oscommerce | 2025-06-27 | 6.6 Medium |
An issue was discovered in osCommerce v4 that allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature. | ||||
CVE-2025-48123 | 2 Woocommerce, Wordpress | 2 Woocommerce, Wordpress | 2025-06-27 | 10 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Code Injection. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | ||||
CVE-2025-48140 | 2 Metalpriceapi, Wordpress | 2 Metalpriceapi, Wordpress | 2025-06-27 | 9.9 Critical |
Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from n/a through 1.1.4. | ||||
CVE-2025-29902 | 2 Rts, Telex | 2 Vlink Virtual Matrix Software, Remote Dispatch Console Server | 2025-06-27 | 10 Critical |
Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. | ||||
CVE-2025-6509 | 1 Seaswalker | 1 Spring Analysis | 2025-06-27 | 3.5 Low |
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. | ||||
CVE-2024-22274 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-06-27 | 7.2 High |
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. |