Total
6234 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-3894 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 8.1 High |
| The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font (TTF) file, aka "TrueType Font CMAP Table Vulnerability." | ||||
| CVE-2013-2115 | 1 Apache | 1 Struts | 2025-04-11 | 8.1 High |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. | ||||
| CVE-2021-38117 | 2 Microfocus, Opentext | 2 Imanager, Imanager | 2025-04-10 | 8.8 High |
| Possible Command injection Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000. | ||||
| CVE-2024-25706 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks. | ||||
| CVE-2024-51298 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2025-04-10 | 9.8 Critical |
| In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function. | ||||
| CVE-2022-38193 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | ||||
| CVE-2024-3788 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | 6.6 Medium |
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. | ||||
| CVE-2024-3785 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | 6.6 Medium |
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. | ||||
| CVE-2024-3786 | 1 Whitebearsolutions | 1 Wbsairback | 2025-04-10 | 6.6 Medium |
| Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code. | ||||
| CVE-2024-25096 | 1 Canto | 1 Canto | 2025-04-10 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. | ||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2025-04-10 | 7.4 High |
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | ||||
| CVE-2024-39932 | 1 Gogs | 1 Gogs | 2025-04-10 | 9.9 Critical |
| Gogs through 0.13.0 allows argument injection during the previewing of changes. | ||||
| CVE-2025-25507 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-04-10 | 6.5 Medium |
| There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution. | ||||
| CVE-2025-2196 | 1 Mrcms | 1 Mrcms | 2025-04-10 | 3.5 Low |
| A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2194 | 1 Mrcms | 1 Mrcms | 2025-04-09 | 3.5 Low |
| A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2195 | 1 Mrcms | 1 Mrcms | 2025-04-09 | 3.5 Low |
| A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-22905 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | 9.8 Critical |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | ||||
| CVE-2025-22906 | 1 Edimax | 2 Re11s, Re11s Firmware | 2025-04-09 | 9.8 Critical |
| RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | ||||
| CVE-2024-54907 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-04-09 | 8.8 High |
| TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. | ||||
| CVE-2025-22133 | 1 Wegia | 1 Wegia | 2025-04-09 | 10 Critical |
| WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8. | ||||