6.1

CVSS3.1

CVE-2025-28121 -

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: April 24, 2025, 4:41 p.m.

8.8

CVSS3.1

CVE-2024-57394 -

The quarantine-restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 allows a user to restore a malicious file to an arbitrary file path. Attackers can write a malicious DLL to a system path and perform privilege escalation by leveraging Windows DLL hijacking vulnerabilities.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: June 23, 2025, 1:08 p.m.

6.8

CVSS3.1

CVE-2025-43973 -

An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: May 8, 2025, 3:57 p.m.

3.4

CVSS3.1

CVE-2025-43916 -

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have f…

📅 Published: April 21, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2024-42699 -

Cross Site Scripting vulnerability in the Create/Modify article function in Alkacon OpenCMS 17.0 allows a remote attacker to inject a JavaScript payload via the image title sub-field in the image field.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: April 24, 2025, 4:42 p.m.

9.8

CVSS3.1

CVE-2025-29660 -

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory traver…

📅 Published: April 21, 2025, midnight 🔄 Last Modified: June 23, 2025, 1:40 p.m.

3.3

CVSS3.1

CVE-2025-29446 -

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: May 28, 2025, 3:49 p.m.

5.4

CVSS3.1

CVE-2024-41446 -

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: April 24, 2025, 4:44 p.m.

9.8

CVSS3.1

CVE-2025-29659 -

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.

📅 Published: April 21, 2025, midnight 🔄 Last Modified: June 23, 2025, 1:42 p.m.

5.3

CVSS4.0

CVE-2025-3830 - kuangstudy KuangSimpleBBS QuestionController.java fileUpload unrestricted upload

A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted …

📅 Published: April 20, 2025, 4:31 p.m. 🔄 Last Modified: April 30, 2025, 5:07 p.m.