8.6
CVE-2024-12992 - Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6.
8.6
CVE-2024-12971 - QuickShell Authenticated Command Injection
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection. This issue affects Pandora FMS from 700 to 777.6.
8.7
CVE-2025-2370 - TOTOLINK EX1800T cstecgi.cgi setWiFiExtenderConfig stack-based overflow
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to stack-based buffer overflow. The a…
8.7
CVE-2025-2369 - TOTOLINK EX1800T cstecgi.cgi setPasswordCfg stack-based overflow
A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the attac…
5.3
CVE-2025-2368 - WebAssembly wabt Malformed File binary-reader-interp.cc OnExport heap-based overflow
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to h…
5.3
CVE-2025-2367 - Oiwtech OIW-2431APGN-HP Personal Script Submenu formScript os command injection
A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formScript of the component Personal Script Submenu. The manipulation leads to os command injection. The attack can be initiated remotely…
4.8
CVE-2025-2366 - gougucms Add Department Page add cross site scripting
A vulnerability, which was classified as problematic, was found in gougucms 4.08.18. This affects the function add of the file /admin/department/add of the component Add Department Page. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remo…
7.4
CVE-2025-1724 - Account Takeover
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.
5.3
CVE-2025-2365 - crmeb_java WeChatMessageController.java webHook xml external entity reference
A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been…
5.1
CVE-2025-2364 - lenve VBlog ArticleService.java addNewArticle cross site scripting
A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scriptin…