Total
4451 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45346 | 1 Xiaomi | 1 Getapps Application | 2025-03-27 | 8.8 High |
| The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | ||||
| CVE-2024-31666 | 2025-03-26 | 9.8 Critical | ||
| An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via a crafted script to the edit_addon_post.php component. | ||||
| CVE-2024-22632 | 1 Setor | 1 Sil | 2025-03-26 | 9.8 Critical |
| Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 was discovered to contain a remote code execution (RCE) vulnerability via the hmsg parameter. This vulnerability is triggered via a crafted POST request. | ||||
| CVE-2024-40552 | 1 Publiccms | 1 Publiccms | 2025-03-26 | 8.8 High |
| PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java. | ||||
| CVE-2025-2623 | 1 Westboy | 1 Cicadascms | 2025-03-26 | 3.5 Low |
| A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-36424 | 1 Phpwcms | 1 Phpwcms | 2025-03-26 | 9.8 Critical |
| An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. | ||||
| CVE-2024-9880 | 2025-03-26 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-28893 | 2025-03-26 | 9.9 Critical | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through 1.2.1. | ||||
| CVE-2024-55028 | 2025-03-26 | 9.8 Critical | ||
| A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file. | ||||
| CVE-2024-48818 | 2025-03-26 | 9.8 Critical | ||
| An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code. | ||||
| CVE-2025-29806 | 1 Microsoft | 1 Edge Chromium | 2025-03-26 | 6.5 Medium |
| No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-2673 | 1 Fabianros | 1 Employees Payroll Management System | 2025-03-26 | 3.5 Low |
| A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-27793 | 1 Apple | 1 Itunes | 2025-03-26 | 6.3 Medium |
| The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-24576 | 1 Dell | 1 Emc Networker | 2025-03-25 | 7.5 High |
| EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. | ||||
| CVE-2024-29202 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | 10 Critical |
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | ||||
| CVE-2024-29201 | 1 Fit2cloud | 1 Jumpserver | 2025-03-25 | 10 Critical |
| JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can bypass the input validation mechanism in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and has database access, attackers could steal sensitive information from all hosts or manipulate the database. This vulnerability is fixed in v3.10.7. | ||||
| CVE-2023-43651 | 2 Fit2cloud, Jumpserver | 2 Jumpserver, Jumpserver | 2025-03-25 | 8.6 High |
| JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2025-03-25 | 8.8 High |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | ||||
| CVE-2023-23477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-03-25 | 8.1 High |
| IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | ||||
| CVE-2024-24230 | 1 Komm.one | 1 Cms | 2025-03-25 | 7.5 High |
| Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command. | ||||