8.8

CVSS3.1

CVE-2025-9121 - Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.

📅 Published: Dec. 15, 2025, 10:53 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2025-9122 - Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitiv…

Hitachi Vantara Pentaho Data Integration and Analytics Community Dashboard Framework versions prior to 10.2.0.4, including 9.3.0.x and 8.3.x, display the full server stack trace when encountering an error within the GetCdfResource servlet.

📅 Published: Dec. 15, 2025, 10:50 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2023-53879 - NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.

📅 Published: Dec. 15, 2025, 8:32 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.

4.8

CVSS4.0

CVE-2025-14722 - vion707 DMadmin Backend AddonsController.class.php add cross site scripting

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed remot…

📅 Published: Dec. 15, 2025, 8:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2023-53893 - Ateme TITAN File 3.9 Authenticated Server-Side Request Forgery Vulnerability

Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the app…

📅 Published: Dec. 15, 2025, 8:28 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.

8.6

CVSS4.0

CVE-2023-53892 - Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's …

📅 Published: Dec. 15, 2025, 8:28 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.

5.1

CVSS4.0

CVE-2023-53891 - Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page.

📅 Published: Dec. 15, 2025, 8:28 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.

5.1

CVSS4.0

CVE-2023-53890 - Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing…

📅 Published: Dec. 15, 2025, 8:28 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.

7.2

CVSS4.0

CVE-2023-53889 - Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands …

📅 Published: Dec. 15, 2025, 8:28 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.

7.2

CVSS4.0

CVE-2023-53888 - Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and r…

📅 Published: Dec. 15, 2025, 8:28 p.m. 🔄 Last Modified: April 7, 2026, 2:07 p.m.