Search

Search Results (365419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-4316 1 Devolutions 1 Devolutions Server 2025-06-17 4.3 Medium
Improper access control in PAM feature in Devolutions Server allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions. This issue affects Devolutions Server versions from 2025.1.3.0 through 2025.1.6.0, and all versions up to 2024.3.15.0.
CVE-2025-25504 1 Niceforyou 2 Gefen Gf-avip-mc Firmware, Gefen Webfwc 2025-06-17 6.5 Medium
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
CVE-2025-28062 1 Frappe 1 Erpnext 2025-06-17 8.1 High
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ERPNEXT 14.82.1 and 14.74.3. The vulnerability allows an attacker to perform unauthorized actions such as user deletion, password resets, and privilege escalation due to missing CSRF protections.
CVE-2025-43915 1 Linkerd 2 Buoyant, Linkerd 2025-06-17 6.5 Medium
In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.
CVE-2025-45242 1 Rhymix 1 Rhymix 2025-06-17 7.7 High
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
CVE-2024-0485 1 Code-projects 1 Fighting Cock Information System 2025-06-17 6.3 Medium
A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.
CVE-2025-46724 1 Langroid 1 Langroid 2025-06-17 9.8 Critical
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
CVE-2025-5001 1 Gnu 1 Pspp 2025-06-17 3.3 Low
A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-5010 1 Moonlightl 1 Hexo-boot 2025-06-17 2.4 Low
A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5011 1 Moonlightl 1 Hexo-boot 2025-06-17 2.4 Low
A vulnerability classified as problematic was found in moonlightL hexo-boot 4.3.0. This vulnerability affects unknown code of the file /admin/home/index.html of the component Dynamic List Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-5013 1 Hkcms 1 Hkcms 2025-06-17 4.3 Medium
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-29385 1 Dlink 2 Dir-845l, Dir-845l Firmware 2025-06-17 9.0 Critical
DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.
CVE-2025-4932 1 Projectworlds 1 Online Lawyer Management System 2025-06-17 7.3 High
A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-40120 1 Seaweedfs 1 Seaweedfs 2025-06-17 6.5 Medium
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.
CVE-2023-40284 1 Supermicro 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more 2025-06-17 8.3 High
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2024-28635 1 Devsoftbaltic 1 Survey-creator 2025-06-17 6.1 Medium
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.
CVE-2023-40285 1 Supermicro 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more 2025-06-17 6.5 Medium
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue.
CVE-2024-24574 1 Phpmyfaq 1 Phpmyfaq 2025-06-17 6.5 Medium
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.
CVE-2024-25167 1 Markerhub 1 Eblog 2025-06-17 6.1 Medium
Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.
CVE-2024-25359 2 Zuoxingdong, Zuoxingdong Lagom 2 Lagom, Zuoxingdong Lagom 2025-06-17 6.6 Medium
An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.