16983 matches found
CVE-2025-15211
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...
FontForge 输入验证错误漏洞
FontForge is an open source font editing tool from fontforge that supports multiple languages. An input validation error vulnerability exists in FontForge that stems from improper validation of array indexes when parsing SFD files, which could lead to out-of-bounds writes and remote code executio...
PT-2025-54295
Name of the Vulnerable Software and Affected Versions QNO Technology VPN Firewall affected versions not specified Description The VPN Firewall developed by QNO Technology contains an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on th...
PT-2025-54427
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin meter2.php and admin indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...
EUVD-2025-205835
JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...
CVE-2025-15231
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...
EUVD-2025-205695
A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly...
CVE-2025-15231
CVE-2025-15231 affects Tenda M3 router (version 1.0.0.13(4903)). The vulnerability is a stack-based buffer overflow in the function formSetRemoteVlanInfo within /goform/setVlanInfo caused by manipulating the ID/vlan/port parameters. Exploitation can be performed remotely and public exploit detail...
JD Cloud多款产品 安全漏洞
JD Cloud BE6500 and others are products of the Chinese company Jingdong JD.JD Cloud BE6500 is a WiFi router.JD Cloud AX1800 is an edge computing router.JD Cloud AX3000 is an edge computing router. A security vulnerability exists in several JD Cloud products that stems from the presence of an...
CVE-2025-66848
JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...
CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...
CVE-2025-68897
The connected Wordfence report documents CVE-2025-68897 as affecting IF AS Shortcode. It is described as an Unauthenticated? No, the entry shows “Authenticated (Contributor+) Remote Code Execution” via the IF AS Shortcode before 1.2, implying code execution when an attacker with Contributor+ righ...
CVE-2025-15182
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...
CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload
WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-15162
A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...
PT-2025-53663
Name of the Vulnerable Software and Affected Versions CmsEasy versions through 7.7.7 Description A flaw exists in CmsEasy that allows for code injection. The issue is located in the savetemp action function within the /lib/admin/template admin.php library of the Backend Template Management Page...
CVE-2025-36230
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Eigent 代码注入漏洞
Eigent is a multi-agent workflow desktop application open-sourced by Eigent AI. A code injection vulnerability exists in Eigent version 0.0.60, which stems from a 1-click remote code execution vulnerability that could lead to the execution of arbitrary code...
ChurchCRM Code Execution Vulnerability
ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...
CVE-2025-14418
pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must...