953065 matches found
DataEase 2.10.4-2.10.7 - Remote Code Execution
DataEase prior to version 2.10.8 contains a remote code execution caused by insecure backend JDBC link handling, letting authenticated users execute arbitrary code, exploit requires user authentication. id: CVE-2025-32966 info: name: DataEase 2.10.4-2.10.7 - Remote Code Execution author: ChrisJr4...
vBulletin replaceAdTemplate - Remote Code Execution
vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution RCE vulnerability in the ajax/api/ad/replaceAdTemplate endpoint. This flaw arises from improper use of PHP's Reflection API, allowing unauthenticated attackers to invoke protected controller methods. By injecting a crafted...
MeteoBridge <= 6.1 - Remote Code Execution
The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C.This web interface exposes an endpoint that is vulnerable to command injection.Remote...
Casdoor - Authorization Bypass
Casdoor up to 1.811.0 contains an authorization bypass caused by manipulation in HandleScim function in controllers/scim.go, letting remote attackers bypass authorization, exploit requires remote access. id: CVE-2025-4210 info: name: Casdoor - Authorization Bypass author: theamanrawat severity:...
Onkyo TX-NR585 Web Interface - Directory Traversal
Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. id: CVE-2020-12447 info: name: Onkyo TX-NR585 Web Interface - Directory Traversal author: 0xAkoko severity: high...
sar2html <=3.2.2 Plot Parameter - Remote Code Execution
sar2html version 3.2.2 and prior contains an OS command injection vulnerability in the plot parameter of index.php. A remote, unauthenticated attacker can append shell metacharacters to the plot parameter and execute arbitrary operating system commands. id: CVE-2025-34030 info: name: sar2html...
FUXA - Unauthenticated Remote Code Execution
A remote command execution RCE vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2023-33831 info: name: FUXA - Unauthenticated Remote Code Execution author: gy741 severity: critical description: | A remot...
Sitecore - Remote Code Execution
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3. id: CVE-2023-35813 info: name: Sitecore - Remote Code Execution author: DhiyaneshDk,iamnoooob severity: critical description: | Multiple Sitecore...
mooSocial v.3.1.8 - Cross-Site Scripting
Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...
PaperCut NG Unauthenticated XMLRPC Functionality
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch. id: CVE-2023-4568 info: name: PaperCut NG Unauthenticated XMLRPC Functionality...
mojoPortal v.2.7.0.0 - Cross-Site Scripting
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. id: CVE-2023-44012 info: name: mojoPortal v.2.7.0.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross...
PrestaShop TshirteCommerce - Directory Traversal
The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...
Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)
imgproxy =3.14.0 is vulnerable to Server-Side Request Forgery SSRF due to a lack of sanitization of the imageURL parameter. id: CVE-2023-30019 info: name: Imgproxy = 3.14.0 - Server-side request forgery SSRF author: DhiyaneshDK severity: medium description: | imgproxy =3.14.0 is vulnerable to...
Mingsoft MCMS < 5.3.1 - Cross-Site Scripting
A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotel...
Team WordPress Plugin (TLP Team) <= 5.0.9 - SQL Injection
Team WordPress plugin = 5.0.11 contains a SQL injection caused by improper sanitization and escaping of a parameter in an AJAX action accessible to unauthenticated users, letting remote attackers execute arbitrary SQL commands. id: CVE-2025-14124 info: name: Team WordPress Plugin TLP Team = 5.0.9...
ChanCMS <= 3.3.0 - SQL Injection
yanyutao0402 ChanCMS = 3.3.0 contains a SQL injection caused by manipulation of the "key" argument in app/modules/api/service/Api.js Search function, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request. id: CVE-2025-10210 info: name: ChanCMS = 3.3.0 - SQL...
NestJS DevTools Integration - Remote Code Execution
Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution RCE vulnerability was discovered in the @nestjs/devtools-integration package. When enabled, the package exposes a local development HTTP server with an API...
IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. id: CVE-2023-40779 info: name: IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect author: r3Y3r53 severity: medium description: | An issue in...
IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection
IBM Planning Analytics versions 2.0.0 through 2.0.8 are vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. id: CVE-2019-4716 info: name: IBM Planning Analytics - Authentication Bypass & Remote...
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
A directory traversal vulnerability in the Photo Battle comphotobattle component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. id: CVE-2010-1461 info: name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion author: daffainfo...