Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6287 | 1 Rejetto | 1 Http File Server | 2025-03-14 | 10.0 HIGH | 9.8 CRITICAL |
| The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. | |||||
| CVE-2009-1151 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | |||||
| CVE-2024-27856 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-03-14 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | |||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-03-13 | 7.5 HIGH | 9.8 CRITICAL |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | |||||
| CVE-2022-43769 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2025-03-13 | N/A | 7.2 HIGH |
| Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. | |||||
| CVE-2019-7609 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2025-03-13 | 10.0 HIGH | 10.0 CRITICAL |
| Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | |||||
| CVE-2021-22204 | 3 Debian, Exiftool Project, Fedoraproject | 3 Debian Linux, Exiftool, Fedora | 2025-03-13 | 6.8 MEDIUM | 7.8 HIGH |
| Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | |||||
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2025-03-13 | 7.5 HIGH | 10.0 CRITICAL |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution. | |||||
| CVE-2024-11635 | 1 Iptanus | 1 Wordpress File Upload | 2025-03-13 | N/A | 9.8 CRITICAL |
| The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. | |||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-03-13 | N/A | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2025-2086 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2087 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2085 | 1 Starsea99 | 1 Starsea-mall | 2025-03-13 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-21892 | 2 Linux, Nodejs | 2 Linux Kernel, Node.js | 2025-03-13 | N/A | 7.8 HIGH |
| On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | |||||
| CVE-2023-52381 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | N/A |
| Script injection vulnerability in the email module.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | |||||
| CVE-2025-1119 | 2025-03-13 | N/A | 7.3 HIGH | ||
| The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.8.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | |||||
| CVE-2022-22954 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2025-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | |||||
| CVE-2025-2084 | 1 Phpgurukul | 1 Human Metapneumovirus | 2025-03-12 | N/A | 6.1 MEDIUM |
| A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13890 | 1 Sksdev | 1 Allow Php Execute | 2025-03-12 | N/A | 7.2 HIGH |
| The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access and above, to inject PHP code into posts and pages. | |||||
| CVE-2024-13895 | 1 Jtsternberg | 1 Code Snippets Cpt | 2025-03-12 | N/A | 6.3 MEDIUM |
| The The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||