Export limit exceeded: 348061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10236 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38360 | 1 Wp-publications Project | 1 Wp-publications | 2025-03-31 | 8.3 High |
| The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | ||||
| CVE-2024-42599 | 1 Seacms | 1 Seacms | 2025-03-28 | 8.8 High |
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
| CVE-2024-46640 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. | ||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | 4.4 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | ||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | ||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | ||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | ||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | ||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | ||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | ||||
| CVE-2024-42598 | 1 Seacms | 1 Seacms | 2025-03-28 | 6.7 Medium |
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
| CVE-2022-48116 | 1 Ayacms Project | 1 Ayacms | 2025-03-28 | 7.2 High |
| AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | ||||
| CVE-2024-27622 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-03-28 | 7.2 High |
| A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19 / 2.2.21. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code. | ||||
| CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2025-03-28 | 9.8 Critical |
| Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | ||||
| CVE-2022-25967 | 1 Eta.js | 1 Eta | 2025-03-27 | 8.1 High |
| Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. | ||||
| CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.9 Medium |
| There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | ||||
| CVE-2025-0185 | 1 Dify | 1 Dify | 2025-03-27 | 8.8 High |
| A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function `vn.get_training_plan_generic(df_information_schema)`, which does not properly sanitize user inputs before executing queries using the Pandas library. This can potentially lead to Remote Code Execution (RCE) if exploited. | ||||
| CVE-2022-45783 | 1 Dotcms | 1 Dotcms | 2025-03-27 | 6.5 Medium |
| An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | ||||
| CVE-2022-48093 | 1 Seacms | 1 Seacms | 2025-03-27 | 7.2 High |
| Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. | ||||
| CVE-2022-44645 | 1 Apache | 1 Linkis | 2025-03-27 | 8.8 High |
| In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1. | ||||