Total
5312 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25202 | 1 Phpgurukul | 2 User Registration \& Login And User Management System, User Registration And Login And User Management System | 2025-04-22 | 6.1 Medium |
| Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. | ||||
| CVE-2024-25350 | 1 Phpgurukul | 1 Zoo Management System | 2025-04-22 | 9.8 Critical |
| SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. | ||||
| CVE-2022-46161 | 1 Pdfmake Project | 1 Pdfmake | 2025-04-22 | 10 Critical |
| pdfmake is an open source client/server side PDF printing in pure JavaScript. In versions up to and including 0.2.5 pdfmake contains an unsafe evaluation of user controlled input. Users of pdfmake are thus subject to arbitrary code execution in the context of the process running the pdfmake code. There are no known fixes for this issue. Users are advised to restrict access to trusted user input. | ||||
| CVE-2022-46157 | 1 Akeneo | 1 Product Information Management | 2025-04-22 | 8.8 High |
| Akeneo PIM is an open source Product Information Management (PIM). Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server configuration file, for docker setup and in documentation sample, to fix this vulnerability. Community Edition users must change their Apache HTTP server configuration accordingly to be protected. The patch for Cloud Based Akeneo PIM Services customers has been applied since 30th October 2022. Users are advised to upgrade. Users unable to upgrade may Replace any reference to `<FilesMatch \.php$>` in their apache httpd configurations with: `<Location "/index.php">`. | ||||
| CVE-2024-25291 | 1 Deskfiler | 1 Deskfiler | 2025-04-22 | 9.8 Critical |
| Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. | ||||
| CVE-2023-51801 | 2 Oretnom23, Simple Atudent Attendance System | 2 Simple Student Attendance System, Simple Atudent Attendance System | 2025-04-22 | 9.8 Critical |
| SQL Injection vulnerability in the Simple Student Attendance System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the id parameter in the student_form.php and the class_form.php pages. | ||||
| CVE-2024-36694 | 1 Opencart | 1 Opencart | 2025-04-22 | 7.2 High |
| OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | ||||
| CVE-2013-4813 | 1 Hp | 2 Identity Driven Manager, Procurve Manager | 2025-04-22 | N/A |
| The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745. | ||||
| CVE-2024-43771 | 1 Google | 1 Android | 2025-04-22 | 8.8 High |
| In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-43770 | 1 Google | 1 Android | 2025-04-22 | 8.8 High |
| In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-49747 | 1 Google | 1 Android | 2025-04-22 | 9.8 Critical |
| In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-41264 | 1 Sap | 1 Basis | 2025-04-22 | 8.8 High |
| Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application. | ||||
| CVE-2023-51317 | 1 Phpjabbers | 1 Restaurant Booking System | 2025-04-22 | 6.5 Medium |
| PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | ||||
| CVE-2024-44724 | 2 Autocms, Autocms Project | 2 Autocms, Autocms | 2025-04-22 | 7.2 High |
| AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value. | ||||
| CVE-2023-51320 | 1 Phpjabbers | 1 Night Club Booking Software | 2025-04-22 | 5.3 Medium |
| PHPJabbers Night Club Booking Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | ||||
| CVE-2023-51324 | 1 Phpjabbers | 1 Shared Asset Booking System | 2025-04-22 | 6.5 Medium |
| PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | ||||
| CVE-2023-51331 | 1 Phpjabbers | 1 Cleaning Business Software | 2025-04-22 | 6.5 Medium |
| PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | ||||
| CVE-2021-39426 | 1 Seacms | 1 Seacms | 2025-04-21 | 9.8 Critical |
| An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set. | ||||
| CVE-2024-43767 | 1 Google | 1 Android | 2025-04-21 | 8.8 High |
| In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-50715 | 1 Smarts-srl | 1 Smart Agent | 2025-04-21 | 7.5 High |
| An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component. | ||||