ReportizFlow
Filtered by vendor
Subscriptions
Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9017 | 1 Phpgurukul | 1 Zoo Management System | 2025-08-21 | 4.3 Medium |
| A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5309 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2025-08-21 | 9.8 Critical |
| The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. | ||||
| CVE-2025-54466 | 1 Apache | 1 Ofbiz | 2025-08-21 | 6.3 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue. | ||||
| CVE-2025-9167 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 3.5 Low |
| A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9168 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 3.5 Low |
| A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9169 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 3.5 Low |
| A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9170 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 3.5 Low |
| A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9171 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 3.5 Low |
| A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9119 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2025-08-21 | 2.4 Low |
| A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50567 | 1 Saurus | 1 Saurus Cms | 2025-08-21 | 10 Critical |
| Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution. | ||||
| CVE-2025-48169 | 2 Jordy Meow, Wordpress | 2 Code Engine, Wordpress | 2025-08-21 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Jordy Meow Code Engine allows Remote Code Inclusion. This issue affects Code Engine: from n/a through 0.3.3. | ||||
| CVE-2025-30975 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 7.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes allows Code Injection. This issue affects Add Custom Codes: from n/a through 4.80. | ||||
| CVE-2025-53577 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global DNS: from n/a through 3.1.0. | ||||
| CVE-2025-54019 | 1 Wordpress | 1 Wordpress | 2025-08-21 | 6.5 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Bearsthemes Alone allows Code Injection. This issue affects Alone: from n/a through n/a. | ||||
| CVE-2024-31011 | 1 Beescms | 1 Beescms | 2025-08-21 | 9.8 Critical |
| Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | ||||
| CVE-2025-55733 | 2025-08-20 | 9.7 Critical | ||
| DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they control. When a victim visits such a site or clicks on the link, the browser triggers the app’s custom URL handler (deepchat:), causing the DeepChat application to launch and process the URL, leading to remote code execution on the victim’s machine. This vulnerability is fixed in 0.3.1. | ||||
| CVE-2025-9147 | 2025-08-20 | 3.5 Low | ||
| A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7101 | 3 Debian, Fedoraproject, Jmcnamara | 3 Debian Linux, Fedora, Spreadsheet\ | 2025-08-20 | 7.8 High |
| Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | ||||
| CVE-2025-7361 | 2 Microsoft, Ni | 2 Windows, Labview | 2025-08-19 | 7.8 High |
| A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected. | ||||
| CVE-2025-8723 | 2025-08-19 | 9.8 Critical | ||
| The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary PHP into the codebase, achieving remote code execution. | ||||