Total
4854 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5651 | 1 Carmelogarcia | 1 Traffic Offense Reporting System | 2025-06-10 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5661 | 1 Carmelogarcia | 1 Traffic Offense Reporting System | 2025-06-10 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5722 | 1 Munyweki | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5723 | 1 Munyweki | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5724 | 1 Munyweki | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5725 | 1 Munyweki | 1 Student Result Management System | 2025-06-10 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22988 | 1 Zkteco | 1 Zkbio Wdms | 2025-06-10 | 9.8 Critical |
| ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp. | ||||
| CVE-2024-6807 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-06-10 | 2.4 Low |
| A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-31037 | 1 Nvidia | 4 Bluefield 2 Ga, Bluefield 2 Lts, Bluefield 3 Ga and 1 more | 2025-06-09 | 7.2 High |
| NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS. | ||||
| CVE-2025-5383 | 1 Wanglongcn | 1 Yifang | 2025-06-09 | 2.4 Low |
| A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29306 | 1 Foxcms | 1 Foxcms | 2025-06-09 | 9.8 Critical |
| An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component. | ||||
| CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2025-06-09 | 8.8 High |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | ||||
| CVE-2025-5523 | 1 Enilu | 1 Web-flash | 2025-06-09 | 3.5 Low |
| A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5713 | 2025-06-09 | 3.5 Low | ||
| A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2023-51066 | 1 Qstar | 1 Archive Storage Manager | 2025-06-06 | 8.8 High |
| An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. | ||||
| CVE-2025-5543 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-06 | 2.4 Low |
| A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5542 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-06 | 2.4 Low |
| A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formPortFw of the component Virtual Server Page. The manipulation of the argument service_type leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22533 | 1 Xiandafu | 1 Beetl | 2025-06-06 | 9.8 Critical |
| Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution. | ||||
| CVE-2025-5516 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-06-06 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-41362 | 2025-06-06 | N/A | ||
| Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission. | ||||