Search Results (6955 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6865 1 Sybase 1 Adaptive Server Enterprise 2025-04-11 N/A
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
CVE-2013-6866 1 Sybase 1 Adaptive Server Enterprise 2025-04-11 N/A
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
CVE-2013-6948 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0294 1 Microsoft 1 Microsoft Forefront Protection 2010 2025-04-11 N/A
Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
CVE-2014-1202 2 Eviware, Smartbear 2 Soapui, Soapui 2025-04-11 N/A
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVE-2021-38117 2 Microfocus, Opentext 2 Imanager, Imanager 2025-04-10 8.8 High
Possible Command injection Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000.
CVE-2024-25706 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL which, when clicked, could potentially generate a message that may entice an unsuspecting victim to visit an arbitrary website. This could simplify phishing attacks.
CVE-2022-4800 1 Usememos 1 Memos 2025-04-10 6.5 Medium
Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.
CVE-2024-51298 1 Draytek 2 Vigor3900, Vigor3900 Firmware 2025-04-10 9.8 Critical
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
CVE-2022-38193 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.
CVE-2024-3788 1 Whitebearsolutions 1 Wbsairback 2025-04-10 6.6 Medium
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through License (/admin/CDPUsers). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
CVE-2024-3785 1 Whitebearsolutions 1 Wbsairback 2025-04-10 6.6 Medium
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
CVE-2024-3786 1 Whitebearsolutions 1 Wbsairback 2025-04-10 6.6 Medium
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code.
CVE-2022-25926 1 Window-control Project 1 Window-control 2025-04-10 7.4 High
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
CVE-2024-39932 1 Gogs 1 Gogs 2025-04-10 9.9 Critical
Gogs through 0.13.0 allows argument injection during the previewing of changes.
CVE-2025-25507 1 Tenda 2 Ac6, Ac6 Firmware 2025-04-10 6.5 Medium
There is a RCE vulnerability in Tenda AC6 15.03.05.16_multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution.
CVE-2025-2196 1 Mrcms 1 Mrcms 2025-04-10 3.5 Low
A vulnerability was found in MRCMS 3.1.2. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /admin/file/upload.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2194 1 Mrcms 1 Mrcms 2025-04-09 3.5 Low
A vulnerability was found in MRCMS 3.1.2 and classified as problematic. This issue affects the function list of the file /admin/file/list.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument path leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-2195 1 Mrcms 1 Mrcms 2025-04-09 3.5 Low
A vulnerability was found in MRCMS 3.1.2. It has been classified as problematic. Affected is the function rename of the file /admin/file/rename.do of the component org.marker.mushroom.controller.FileController. The manipulation of the argument name/path leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-22905 1 Edimax 2 Re11s, Re11s Firmware 2025-04-09 9.8 Critical
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp.