Total
5464 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8518 | 2 Givanz, Vvveb | 2 Vvveb, Vvveb | 2025-08-27 | 4.7 Medium |
| A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component. | ||||
| CVE-2025-8521 | 2 Givanz, Vvveb | 2 Vvveb, Vvveb | 2025-08-27 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named b53c7161da606f512b7efcb392d6ffc708688d49/605a70f8729e4d44ebe272671cb1e43e3d6ae014. It is recommended to upgrade the affected component. | ||||
| CVE-2025-54068 | 1 Laravel | 1 Livewire | 2025-08-27 | 9.8 Critical |
| Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is unique to Livewire v3 and does not affect prior major versions. Exploitation requires a component to be mounted and configured in a particular way, but does not require authentication or user interaction. This issue has been patched in Livewire v3.6.4. All users are strongly encouraged to upgrade to this version or later as soon as possible. No known workarounds are available. | ||||
| CVE-2025-2340 | 1 Otale | 1 Tale Blog | 2025-08-26 | 2.4 Low |
| A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-53836 | 1 Xwiki | 2 Xwiki, Xwiki-rendering | 2025-08-26 | 10 Critical |
| XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWiki use the vulnerable feature. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. To avoid the exploitation of this bug, comments can be disabled for untrusted users until an upgrade to a patched version has been performed. Note that users with edit rights will still be able to add comments via the object editor even if comments have been disabled. | ||||
| CVE-2024-39835 | 1 Openrobotics | 1 Robot Operating System | 2025-08-26 | 7.8 High |
| A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-supplied, unsanitized parameter values within the substitution args mechanism, which roslaunch evaluates before launching a node. This flaw allows attackers to craft and execute arbitrary Python code. | ||||
| CVE-2024-39289 | 1 Openrobotics | 1 Robot Operating System | 2025-08-26 | 7.8 High |
| A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-supplied parameter values via special converters for angle representations in radians. This flaw allowed attackers to craft and execute arbitrary Python code. | ||||
| CVE-2024-41148 | 1 Openrobotics | 1 Robot Operating System | 2025-08-26 | 7.8 High |
| A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | ||||
| CVE-2024-41921 | 1 Openrobotics | 1 Robot Operating System | 2025-08-26 | 7.8 High |
| A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code. | ||||
| CVE-2025-3753 | 1 Openrobotics | 1 Robot Operating System | 2025-08-26 | 7.8 High |
| A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-supplied input in the 'rosbag filter' command. This flaw enables attackers to craft and execute arbitrary Python code. | ||||
| CVE-2024-45271 | 4 Helmholz, Mb Connect Line, Mbconnectline and 1 more | 6 Rex 100, Rex 100 Firmware, Mbnet.mini and 3 more | 2025-08-26 | 8.4 High |
| An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. | ||||
| CVE-2025-9416 | 1 Oitcode | 1 Samarium | 2025-08-26 | 2.4 Low |
| A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from a remote location. The exploit has been released to the public and may be exploited. | ||||
| CVE-2024-52786 | 1 Anji-plus | 1 Aj-report | 2025-08-25 | 9.8 Critical |
| An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. | ||||
| CVE-2022-31491 | 2 Voltronic Power, Voltronicpower | 2 Viewpower Pro, Viewpower | 2025-08-25 | 10 Critical |
| Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence. | ||||
| CVE-2025-36014 | 1 Ibm | 2 Integration Bus, Z\/os | 2025-08-25 | 8.2 High |
| IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory. | ||||
| CVE-2025-9237 | 1 Codeastro | 1 Ecommerce Website | 2025-08-25 | 3.5 Low |
| A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-25021 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-24 | 7.2 High |
| IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code. | ||||
| CVE-2010-20120 | 1 Maplesoft | 1 Maple | 2025-08-23 | N/A |
| Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction. | ||||
| CVE-2025-47988 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2025-08-23 | 7.5 High |
| Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2024-13196 | 1 Donglight | 1 Bookstore | 2025-08-22 | 3.5 Low |
| A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulation of the argument keywords leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||