Search Results (6818 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25792 1 Seacms 1 Seacms 2025-03-28 4.4 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
CVE-2025-25793 1 Seacms 1 Seacms 2025-03-28 5.1 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
CVE-2025-25794 1 Seacms 1 Seacms 2025-03-28 5.1 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
CVE-2025-25796 1 Seacms 1 Seacms 2025-03-28 5.1 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
CVE-2025-25797 1 Seacms 1 Seacms 2025-03-28 5.1 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
CVE-2025-25802 1 Seacms 1 Seacms 2025-03-28 5.1 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
CVE-2025-25813 1 Seacms 1 Seacms 2025-03-28 5.1 Medium
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
CVE-2024-55461 1 Seacms 1 Seacms 2025-03-28 9.8 Critical
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVE-2023-24612 1 Pdfbook Project 1 Pdfbook 2025-03-28 9.8 Critical
The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option.
CVE-2024-26308 2 Apache, Redhat 9 Commons Compress, Amq Broker, Camel Quarkus and 6 more 2025-03-27 5.5 Medium
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
CVE-2022-21129 1 Paypal 1 Nemo-appium 2025-03-27 7.4 High
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.
CVE-2023-23969 3 Debian, Djangoproject, Redhat 5 Debian Linux, Django, Rhui and 2 more 2025-03-27 7.5 High
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
CVE-2022-48624 2 Greenwoodsoftware, Redhat 4 Less, Enterprise Linux, Logging and 1 more 2025-03-27 7.8 High
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
CVE-2024-26296 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 7.2 High
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26295 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 7.2 High
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26297 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 7.2 High
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26298 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 7.2 High
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2024-26294 1 Arubanetworks 1 Clearpass Policy Manager 2025-03-27 7.2 High
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE-2025-25274 1 Mattermost 1 Mattermost Server 2025-03-27 4.3 Medium
Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to restrict command execution in archived channels, which allows authenticated users to run commands in archived channels.
CVE-2023-23846 1 Open5gs 1 Open5gs 2025-03-27 7.5 High
Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C