Full List

Search

Recent Vulnerabilities

• CVE-2025-4000 • published on April 28, 2025 A vulnerability, which was classified as problematic, was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. Affected is an unknown function of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\ssoproxy\jsp\ssoproxy.jsp. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3999 • published on April 28, 2025 A vulnerability, which was classified as problematic, has been found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. This issue affects some unknown processing of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\common\js\addDate\date.jsp of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3998 • published on April 28, 2025 A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3706 • published on April 28, 2025 The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
• CVE-2025-3997 • published on April 28, 2025 A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3996 • published on April 28, 2025 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3995 • published on April 28, 2025 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3994 • published on April 28, 2025 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3993 • published on April 28, 2025 A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• CVE-2025-3992 • published on April 28, 2025 A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
• CVE-2015-2079 • published on April 28, 2025 Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
• CVE-2015-4582 • published on April 28, 2025 The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product.
• CVE-2022-41871 • published on April 28, 2025 SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
• CVE-2023-35817 • published on April 28, 2025 DevExpress before 23.1.3 allows AsyncDownloader SSRF.
• CVE-2023-35814 • published on April 28, 2025 DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.
• CVE-2023-35815 • published on April 28, 2025 DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.
• CVE-2023-35816 • published on April 28, 2025 DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
• CVE-2023-42404 • published on April 28, 2025 OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.
• CVE-2024-32499 • published on April 28, 2025 Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.
• CVE-2025-25776 • published on April 28, 2025 Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.