Lucene search

16983 matches found

RedhatCVE
added 2025/12/31 12:2 a.m., 11 views

CVE-2025-15211

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

CVSS 9.8, AI score 6.9, EPSS 0.00315
Exploits: 1, References: 1

CNNVD
added 2025/12/31 12:0 a.m., 1 view

FontForge Input Validation Error Vulnerability

FontForge is an open source font editing tool from fontforge that supports multiple languages. An input validation error vulnerability exists in FontForge that stems from improper validation of array indexes when parsing SFD files, which could lead to out-of-bounds writes and remote code executio...

CVSS 8.8, AI score 8.9, EPSS 0.00581
Exploits: 0, References: 2

Positive Technologies
added 2025/12/31 12:0 a.m., 5 views

PT-2025-54295

Name of the Vulnerable Software and Affected Versions: QNO Technology VPN Firewall (affected versions not specified). Description: The VPN Firewall developed by QNO Technology contains an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on th...

CVSS 8.8, AI score 7.5, EPSS 0.00872
Exploits: 0, References: 11

Positive Technologies
added 2025/12/31 12:0 a.m., 6 views

PT-2025-54427

meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin meter2.php and admin indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges...

CVSS 8.8, AI score 8.6, EPSS 0.0061
Exploits: 1, References: 5

EUVD
added 2025/12/30 6:30 p.m., 3 views

EUVD-2025-205835

JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...

AI score 6.8, EPSS 0.01011
Exploits: 0, References: 3

OSV
added 2025/12/30 7:15 a.m., 2 views

CVE-2025-15231

A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing a manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been public...

CVSS 8.7, AI score 6.4
Exploits: 0, References: 5

EUVD
added 2025/12/30 7:2 a.m., 4 views

EUVD-2025-205695

A vulnerability was determined in Tenda M3 1.0.0.134903. This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly...

CVSS 9, AI score 8.8, EPSS 0.00632
Exploits: 1, References: 6

CVE
added 2025/12/30 7:2 a.m., 11 views

CVE-2025-15231

CVE-2025-15231 affects Tenda M3 router (version 1.0.0.13(4903)). The vulnerability is a stack-based buffer overflow in the function formSetRemoteVlanInfo within /goform/setVlanInfo caused by manipulating the ID/vlan/port parameters. Exploitation can be performed remotely and public exploit detail...

CVSS 9, AI score 8.9, EPSS 0.00632
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2025/12/30 12:0 a.m., 8 views

JD Cloud Multiple Products Security Vulnerability

JD Cloud BE6500 and others are products of the Chinese company Jingdong JD. JD Cloud BE6500 is a WiFi router. JD Cloud AX1800 is an edge computing router. JD Cloud AX3000 is an edge computing router. A security vulnerability exists in several JD Cloud products that stems from the presence of an...

CVSS 9.8, AI score 6, EPSS 0.01011
Exploits: 0, References: 3

Cvelist
added 2025/12/30 12:0 a.m., 22 views

CVE-2025-66848

JD Cloud NAS routers AX1800 4.3.1.r4308 and earlier, AX3000 4.3.1.r4318 and earlier, AX6600 4.5.1.r4533 and earlier, BE6500 4.4.1.r4308 and earlier, ER1 4.5.1.r4518 and earlier, and ER2 4.5.1.r4518 and earlier contain an unauthorized remote command execution vulnerability...

EPSS 0.01011
Exploits: 0, References: 2

Cvelist
added 2025/12/29 3:55 p.m., 29 views

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection. This issue affects IF AS Shortcode: from n/a through = 1.2...

CVSS 9.9, EPSS 0.00285
Exploits: 0, References: 1

CVE
added 2025/12/29 3:55 p.m., 18 views

CVE-2025-68897

The connected Wordfence report documents CVE-2025-68897 as affecting IF AS Shortcode. It is described as an Unauthenticated? No, the entry shows “Authenticated (Contributor+) Remote Code Execution” via the IF AS Shortcode before 1.2, implying code execution when an attacker with Contributor+ righ...

CVSS 9.9, AI score 5.9, EPSS 0.00285
Exploits: 0, References: 1

NVD
added 2025/12/29 10:15 a.m., 7 views

CVE-2025-15182

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to th...

CVSS 9.8, EPSS 0.00322
Exploits: 0, References: 5

Cvelist
added 2025/12/29 6:39 a.m., 27 views

CVE-2025-15226 Sunnet|WMPro - Arbitrary File Upload

WMPro developed by Sunnet has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8, EPSS 0.00508
Exploits: 0, References: 2

NVD
added 2025/12/29 12:15 a.m., 3 views

CVE-2025-15162

A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been...

CVSS 8.6, EPSS 0.00676
Exploits: 1, References: 5

Positive Technologies
added 2025/12/28 12:0 a.m., 8 views

PT-2025-53663

Name of the Vulnerable Software and Affected Versions: CmsEasy versions through 7.7.7. Description: A flaw exists in CmsEasy that allows for code injection. The issue is located in the savetemp action function within the /lib/admin/template admin.php library of the Backend Template Management Page...

CVSS 7.2, AI score 7.5, EPSS 0.00413
Exploits: 1, References: 9

RedhatCVE
added 2025/12/27 2:46 p.m., 7 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4, AI score 6.6, EPSS 0.00166
Exploits: 0, References: 1

CNNVD
added 2025/12/27 12:0 a.m., 4 views

Eigent Code Injection Vulnerability

Eigent is a multi-agent workflow desktop application open-sourced by Eigent AI. A code injection vulnerability exists in Eigent version 0.0.60, which stems from a 1-click remote code execution vulnerability that could lead to the execution of arbitrary code...

CVSS 9.8, AI score 8.2, EPSS 0.00488
Exploits: 0, References: 2

CNVD
added 2025/12/25 12:0 a.m., 1 view

ChurchCRM Code Execution Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from user input in the installation wizard being written directly to a configuration file without validation, which can be exploited by an attacker to cause remote code execution...

CVSS 10, AI score 6.5, EPSS 0.04151
Exploits: 3, References: 1

RedhatCVE
added 2025/12/24 10:29 p.m., 6 views

CVE-2025-14418

pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must...

CVSS 7, AI score 7.1, EPSS 0.00137
Exploits: 0, References: 1