Total
4877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54805 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | 9.8 Critical |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution. | ||||
| CVE-2024-54806 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | 9.8 Critical |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. | ||||
| CVE-2024-54807 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | 9.8 Critical |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. | ||||
| CVE-2024-11613 | 1 Iptanus | 1 Wordpress File Upload | 2025-04-17 | 9.8 Critical |
| The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. | ||||
| CVE-2024-55085 | 1 Getsimple-ce | 1 Getsimple Cms | 2025-04-17 | 9.8 Critical |
| GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. | ||||
| CVE-2024-55505 | 1 Codeastro | 1 Complaint Management System | 2025-04-17 | 8.8 High |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | ||||
| CVE-2024-33871 | 2 Artifex, Redhat | 7 Ghostscript, Enterprise Linux, Rhel Aus and 4 more | 2025-04-16 | 8.8 High |
| An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. | ||||
| CVE-2024-34225 | 2 Computer Laboratory Management System, Oretnom23 | 2 Compuer Labatory Management System, Computer Laboratory Management System | 2025-04-16 | 6.1 Medium |
| Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | ||||
| CVE-2024-33443 | 1 Onethink | 1 Onethink | 2025-04-16 | 7.1 High |
| An issue in onethink v.1.1 allows a remote attacker to execute arbitrary code via a crafted script to the AddonsController.class.php component. | ||||
| CVE-2022-22985 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2025-04-16 | 8.8 High |
| The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to review history. | ||||
| CVE-2022-24915 | 1 Ipcomm | 2 Ipdio, Ipdio Firmware | 2025-04-16 | 8 High |
| The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | ||||
| CVE-2022-1159 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2025-04-16 | 7.7 High |
| Rockwell Automation Studio 5000 Logix Designer (all versions) are vulnerable when an attacker who achieves administrator access on a workstation running Studio 5000 Logix Designer could inject controller code undetectable to a user. | ||||
| CVE-2020-25197 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2025-04-16 | 9.8 Critical |
| A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | ||||
| CVE-2021-27446 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2025-04-16 | 10 Critical |
| The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | ||||
| CVE-2022-46070 | 1 Gv Asmanager | 1 Gv Asmanager | 2025-04-16 | 7.5 High |
| GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. | ||||
| CVE-2025-27657 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Remote Code Execution V-2023-008. | ||||
| CVE-2025-27678 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-16 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Client Remote Code Execution V-2023-001. | ||||
| CVE-2022-22763 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2022-22756 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | ||||
| CVE-2025-3688 | 2025-04-16 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in mirweiye Seven Bears Library CMS 2023. This affects an unknown part of the component Background Management Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||