9.3
CVE-2018-25114 - osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution
A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can invok…
9.3
CVE-2022-4978 - Steppschuh Remote Control Server 3.1.1.12 Unauthenticated RCE
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attac…
6.3
CVE-2025-54090 - Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue.
9.1
CVE-2025-40599 -
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.
6.5
CVE-2025-4411 - XSS in Dataprom Informatics' PACS-ACSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dataprom Informatics PACS-ACSS allows Cross-Site Scripting (XSS). This issue affects PACS-ACSS: before 16.05.2025.
7
CVE-2024-12310 - Bypass of Login Screen on Shared Kiosk Workstations
A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of ke…
4.7
CVE-2025-4296 - Open Redirect in HotelRunner's B2B
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in HotelRunner B2B allows Forceful Browsing. This issue affects B2B: before 04.06.2025.
7
CVE-2025-54297 - Extension - compojoom.com - Stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla
A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
9.3
CVE-2025-54294 - Extension - stackideas.com - SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla
A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.
5.1
CVE-2025-54295 - Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for J…
A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.