CVE-2025-60936
- EPSS 0.06%
- Veröffentlicht 24.10.2025 00:00:00
- Zuletzt bearbeitet 28.10.2025 02:32:52
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.
CVE-2025-60938
- EPSS 0.4%
- Veröffentlicht 24.10.2025 00:00:00
- Zuletzt bearbeitet 28.10.2025 02:32:37
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled ...
CVE-2025-22992
- EPSS 0.17%
- Veröffentlicht 06.02.2025 19:15:19
- Zuletzt bearbeitet 30.07.2025 18:12:48
A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL ...
CVE-2023-33518
- EPSS 0.07%
- Veröffentlicht 05.06.2023 15:15:09
- Zuletzt bearbeitet 08.01.2025 19:15:29
emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.