Total
5593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2111 | 1 Jnmsolutions | 1 Db Top Sites | 2025-04-09 | N/A |
| Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. | ||||
| CVE-2009-1946 | 1 Adaptbb | 1 Adaptbb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter. | ||||
| CVE-2009-1444 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | ||||
| CVE-2009-1248 | 1 Acutecp | 1 Acute Control Panel | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/. | ||||
| CVE-2009-1064 | 2 Orbit Downloader, Orbitdownloader | 2 Orbit Downloader, Orbit Downloader | 2025-04-09 | N/A |
| Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | ||||
| CVE-2007-5574 | 1 Phpdj | 1 Phpdj | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2009-0955 | 1 Apple | 1 Quicktime | 2025-04-09 | N/A |
| Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue." | ||||
| CVE-2007-5423 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-09 | N/A |
| tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. | ||||
| CVE-2007-5149 | 1 North Country Public Radio | 1 Public Media Manager | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter. | ||||
| CVE-2009-0572 | 1 Flatnux | 1 Flatnux | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php. | ||||
| CVE-2009-0513 | 1 Webframe | 1 Webframe | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/. | ||||
| CVE-2009-0441 | 1 Technote | 1 Technote | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138. | ||||
| CVE-2008-1682 | 1 Elearningforce | 1 Online Flashquiz | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter. | ||||
| CVE-2008-5060 | 1 Modernbill | 1 Modernbill | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054. | ||||
| CVE-2008-6651 | 1 Oxyproject | 1 Oxybox | 2025-04-09 | N/A |
| Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter. | ||||
| CVE-2025-25362 | 2025-04-08 | 9.8 Critical | ||
| A Server-Side Template Injection (SSTI) vulnerability in Spacy-LLM v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. | ||||
| CVE-2025-26818 | 1 Netwrix | 1 Password Secure | 2025-04-08 | 9.8 Critical |
| Netwrix Password Secure through 9.2 allows command injection. | ||||
| CVE-2025-3326 | 1 Iteaj | 1 Iboot | 2025-04-08 | 3.5 Low |
| A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3327 | 1 Iteaj | 1 Iboot | 2025-04-08 | 3.5 Low |
| A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3393 | 2025-04-08 | 3.5 Low | ||
| A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||