653 Total Results
Displaying 1-10 of 653
Attacker Value
Very High
CVE-2023-6448
Disclosure Date: December 05, 2023 (last updated February 25, 2025)
Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable system.
2
Attacker Value
Unknown
CVE-2024-12858
Disclosure Date: March 13, 2025 (last updated March 14, 2025)
Delta Electronics CNCSoft-G2 Version 2.1.0.16 and prior lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
0
Attacker Value
Unknown
CVE-2024-9157
Disclosure Date: March 11, 2025 (last updated March 12, 2025)
** UNSUPPORTED WHEN ASSIGNED **
A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process.
Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information.
0
Attacker Value
Unknown
CVE-2025-2117
Disclosure Date: March 09, 2025 (last updated March 09, 2025)
A vulnerability was found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as critical. Affected by this issue is the function electricDocList of the file /newsedit/report/reportCenter.do. The manipulation of the argument fvID/catID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown
CVE-2025-2116
Disclosure Date: March 09, 2025 (last updated March 09, 2025)
A vulnerability has been found in Beijing Founder Electronics Founder Enjoys All-Media Acquisition and Editing System 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /newsedit/newsedit/xy/imageProxy.do of the component File Protocol Handler. The manipulation of the argument xyImgUrl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown
CVE-2024-12097
Disclosure Date: March 05, 2025 (last updated March 06, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Boceksoft Informatics E-Travel allows SQL Injection. This issue affects E-Travel: before 15.12.2024.
0
Attacker Value
Unknown
CVE-2024-13815
Disclosure Date: March 05, 2025 (last updated March 05, 2025)
The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
0
Attacker Value
Unknown
CVE-2025-1300
Disclosure Date: February 28, 2025 (last updated March 01, 2025)
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.
The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassing the protections against CVE-2021-28861, leading to the same open redirect pathway.
This issue affects CodeChecker: through 6.24.5.
0
Attacker Value
Unknown
CVE-2025-22881
Disclosure Date: February 26, 2025 (last updated February 27, 2025)
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
0
Attacker Value
Unknown
CVE-2025-27298
Disclosure Date: February 24, 2025 (last updated February 25, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection. This issue affects WP Video Posts: from n/a through 3.5.1.
0