Show filters
653 Total Results
Displaying 1-10 of 653
Sort by:
Attacker Value
Very High

CVE-2023-6448

Disclosure Date: December 05, 2023 (last updated February 25, 2025)
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
Attacker Value
Unknown

CVE-2024-12858

Disclosure Date: March 13, 2025 (last updated March 14, 2025)
Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
0
Attacker Value
Unknown

CVE-2024-9157

Disclosure Date: March 11, 2025 (last updated March 12, 2025)
** UNSUPPORTED WHEN ASSIGNED **  A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
0
Attacker Value
Unknown

CVE-2025-2117

Disclosure Date: March 09, 2025 (last updated March 09, 2025)
A vulnerability was found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as critical. Affected by this issue is the function electricDocList of the file /newsedit/report/reportCenter.do. The manipulation of the argument fvID/catID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Attacker Value
Unknown

CVE-2025-2116

Disclosure Date: March 09, 2025 (last updated March 09, 2025)
A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component File Protocol Handler. The manipulation of the argument xyImgUrl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Attacker Value
Unknown

CVE-2024-12097

Disclosure Date: March 05, 2025 (last updated March 06, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection.This issue affects E-Travel: before 15.12.2024.
Attacker Value
Unknown

CVE-2024-13815

Disclosure Date: March 05, 2025 (last updated March 05, 2025)
The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Attacker Value
Unknown

CVE-2025-1300

Disclosure Date: February 28, 2025 (last updated March 01, 2025)
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway. This issue affects CodeChecker: through 6.24.5.
0
Attacker Value
Unknown

CVE-2025-22881

Disclosure Date: February 26, 2025 (last updated February 27, 2025)
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
0
Attacker Value
Unknown

CVE-2025-27298

Disclosure Date: February 24, 2025 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1.
0