Bulletins: Vulnerability Summary for the Week of August 25, 2025

Sep 2, 2025

—

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245
Source: Bulletins
Title: Vulnerability Summary for the Week of August 25, 2025

Feedly Summary:
High Vulnerabilities

PrimaryVendor — Product
Description
Published
CVSS Score
Source Info

1000projects–Online Project Report Submission and Evaluation System
A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-08-26
7.3
CVE-2025-9444

8bitkid–Yahoo! WebPlayer
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6.
2025-08-28
7.1
CVE-2025-53215

Aaron Axelsen–WPMU Ldap Authentication
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1.
2025-08-28
7.1
CVE-2025-48343

add-ons.org–Drag and Drop File Upload for Elementor Forms
Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3.
2025-08-28
10
CVE-2025-49387

Agiloft–Agiloft
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30.
2025-08-26
8.1
CVE-2025-35115

Agiloft–Agiloft
Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30.
2025-08-26
7.5
CVE-2025-35114

Ai3–QbiCRMGateway
The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
2025-08-29
7.5
CVE-2025-9639

Arista Networks–EOS
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.
2025-08-25
7.5
CVE-2025-6188

Assaf Parag–Poll, Survey & Quiz Maker Plugin by Opinion Stage
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage allows PHP Local File Inclusion. This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through 19.11.0.
2025-08-28
7.5
CVE-2025-53328

asterisk–asterisk
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn’t in a previous 401 response’s WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn’t being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds.
2025-08-28
7.5
CVE-2025-57767

bPlugins–Tiktok Feed
Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21.
2025-08-28
7.1
CVE-2025-54710

Campcodes–Advanced Online Voting System
A vulnerability was determined in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
2025-08-30
7.3
CVE-2025-9694

Campcodes–Farm Management System
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
2025-08-31
7.3
CVE-2025-9726

Campcodes–Online Learning Management System
A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
2025-08-31
7.3
CVE-2025-9750

Campcodes–Online Learning Management System
A weakness has been identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /login.php. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
2025-08-31
7.3
CVE-2025-9751

Campcodes–Online Loan Management System
A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save_payment. Executing manipulation of the argument loan_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
2025-08-27
7.3
CVE-2025-9502

Campcodes–Online Loan Management System
A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
2025-08-27
7.3
CVE-2025-9503

Campcodes–Online Loan Management System
A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
2025-08-27
7.3
CVE-2025-9504

Campcodes–Online Loan Management System
A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
2025-08-27
7.3
CVE-2025-9505

Campcodes–Online Loan Management System
A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used.
2025-08-27
7.3
CVE-2025-9506

Campcodes–Online Loan Management System
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
2025-08-29
7.3
CVE-2025-9678

Campcodes–Online Loan Management System
A weakness has been identified in Campcodes Online Loan Management System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
2025-08-31
7.3
CVE-2025-9744

Campcodes–Online Shopping System
A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2025-08-30
7.3
CVE-2025-9691

Campcodes–Online Shopping System
A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
2025-08-30
7.3
CVE-2025-9692

Campcodes–Online Water Billing System
A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
2025-08-25
7.3
CVE-2025-9423

Campcodes–Online Water Billing System
A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
2025-08-26
7.3
CVE-2025-9492

Campcodes–Online Water Billing System
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
2025-08-31
7.3
CVE-2025-9739

Campcodes–Payroll Management System
A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
2025-08-27
7.3
CVE-2025-9529

captcha.eu–Captcha.eu
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in captcha.eu Captcha.eu allows Reflected XSS. This issue affects Captcha.eu: from n/a through n/a.
2025-08-28
7.1
CVE-2025-53579

Changing–Clinic Image System
Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
2025-08-29
9.8
CVE-2025-8857

Changing–Clinic Image System
Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
2025-08-29
7.5
CVE-2025-8858

Changing–TSA
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
2025-08-29
9.8
CVE-2025-8861

Cisco–Cisco NX-OS Software
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device.
2025-08-27
7.4
CVE-2025-20241

Cisco–Cisco Unified Computing System (Managed)
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager.
2025-08-27
7.1
CVE-2025-20317

CocoBasic–Neresa
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3.
2025-08-28
8.1
CVE-2025-49383

code-projects–Human Resource Integrated System
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Performing manipulation of the argument emp_id results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
2025-08-31
7.3
CVE-2025-9733

code-projects–Human Resource Integrated System
A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
2025-08-31
7.3
CVE-2025-9740

code-projects–Human Resource Integrated System
A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
2025-08-31
7.3
CVE-2025-9741

code-projects–Human Resource Integrated System
A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
2025-08-31
7.3
CVE-2025-9742

code-projects–Human Resource Integrated System
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
2025-08-31
7.3
CVE-2025-9743

code-projects–Online Event Judging System
A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
2025-08-29
7.3
CVE-2025-9610

code-projects–Simple Grading System
A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized.
2025-08-29
7.3
CVE-2025-9662

CodeYatri–Gutenify
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CodeYatri Gutenify allows PHP Local File Inclusion. This issue affects Gutenify: from n/a through 1.5.6.
2025-08-28
7.5
CVE-2025-53326

Consensys–gnark
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn’t converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.
2025-08-29
7.5
CVE-2025-58157

cuckoohello–
Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello ç™¾åº¦åˆ†äº«æŒ‰é’® allows Stored XSS. This issue affects ç™¾åº¦åˆ†äº«æŒ‰é’®: from n/a through 1.0.6.
2025-08-28
7.1
CVE-2025-48320

dactum–Clickbank WordPress Plugin (Niche Storefront)
Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS. This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through 1.3.5.
2025-08-28
7.1
CVE-2025-48353

Dell–ThinOS 10
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
2025-08-27
9.6
CVE-2025-43728

Dell–ThinOS 10
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure.
2025-08-27
8.4
CVE-2025-43730

Dell–ThinOS 10
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access.
2025-08-27
7.8
CVE-2025-43729

Dell–ThinOS 10
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access.
2025-08-27
7.8
CVE-2025-43882

Delta Electronics–COMMGR
Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.
2025-08-26
8.6
CVE-2025-53418

Delta Electronics–COMMGR
Delta Electronics COMMGR has Code Injection vulnerability.
2025-08-26
7.8
CVE-2025-53419

developers savyour–Savyour Affiliate Partner
Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a through 2.1.4.
2025-08-28
7.1
CVE-2025-48306

Dmitry V. (CEO of “UKR Solution")–UPC/EAN/GTIN Code Generator
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2.
2025-08-28
7.7
CVE-2025-53588

dyiosah–Ultimate twitter profile widget
Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n/a through 1.0.
2025-08-28
7.1
CVE-2025-48321

Dylan James–Zephyr Project Manager
Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201.
2025-08-28
7.1
CVE-2025-54714

eboekhouden–e-Boekhouden.nl
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eboekhouden e-Boekhouden.nl allows Reflected XSS. This issue affects e-Boekhouden.nl: from n/a through 1.9.3.
2025-08-28
7.1
CVE-2025-53225

emarket-design–Employee Directory Staff Listing & Team Directory Plugin for WordPress
Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through 4.5.3.
2025-08-28
8.1
CVE-2025-53243

emarket-design–Employee Spotlight
Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through 5.1.1.
2025-08-28
8.1
CVE-2025-53583

emarket-design–WP Easy Contact
Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact allows Object Injection. This issue affects WP Easy Contact: from n/a through 4.0.1.
2025-08-28
8.1
CVE-2025-53572

emarket-design–WP Ticket Customer Service Software & Support Ticket System
Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2.
2025-08-28
8.1
CVE-2025-53584

emarket-design–YouTube Showcase
Improper Control of Generation of Code (‘Code Injection’) vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1.
2025-08-28
8.1
CVE-2025-54731

enituretechnology–Small Package Quotes USPS Edition
Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS Edition allows Object Injection. This issue affects Small Package Quotes – USPS Edition: from n/a through 1.3.9.
2025-08-27
7.2
CVE-2025-58218

extendons–WooCommerce csv import export
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6.
2025-08-28
7.7
CVE-2025-54029

extremeidea–bidorbuy Store Integrator
Improper Control of Generation of Code (‘Code Injection’) vulnerability in extremeidea bidorbuy Store Integrator allows Remote Code Inclusion. This issue affects bidorbuy Store Integrator: from n/a through 2.12.0.
2025-08-28
9.1
CVE-2025-48100

Favethemes–Houzez
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.
2025-08-28
8.1
CVE-2025-49405

favethemes–Houzez
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1.
2025-08-28
7.1
CVE-2025-49407

Gary Illyes–Google XML News Sitemap plugin
Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through 0.02.
2025-08-28
7.1
CVE-2025-48304

gavias–Kipso
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Kipso allows PHP Local File Inclusion. This issue affects Kipso: from n/a through 1.3.4.
2025-08-28
8.1
CVE-2025-53578

GeroNikolov–Instant Breaking News
Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0.
2025-08-27
7.1
CVE-2025-58217

glpi-project–glpi
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19.
2025-08-27
7.5
CVE-2025-53105

Hamid Alinia–Login with phone number
Missing Authorization vulnerability in Hamid Alinia Login with phone number.This issue affects Login with phone number: from n/a through 1.6.93.
2025-08-31
9.8
CVE-2024-32832

harness–harness
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.
2025-08-29
8.8
CVE-2025-58158

HashiCorp–Vault
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
2025-08-28
7.5
CVE-2025-6203

Hikvision–HikCentral Professional
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
2025-08-29
8.6
CVE-2025-39247

HKritesh009–Grocery List Management Web App
A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
2025-08-31
7.3
CVE-2025-9749

honzat–Page Manager for Elementor
Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5.
2025-08-28
7.6
CVE-2025-53230

IBM–Cognos Command Center
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.
2025-08-26
7.8
CVE-2025-1994

IBM–Cognos Command Center
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
2025-08-26
7.4
CVE-2025-2697

IBM–Security Verify Governance Identity Manager
IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system.
2025-08-28
7.5
CVE-2025-36003

IBM–watsonx Orchestrate Cartridge for IBM Cloud Pak for Data
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
2025-08-30
7.6
CVE-2025-0165

ImageMagick–ImageMagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
2025-08-26
7.5
CVE-2025-55298

ImageMagick–ImageMagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick’s 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 Ã— width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2.
2025-08-26
7.5
CVE-2025-57803

ISC–Kea
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
2025-08-27
7.5
CVE-2025-40779

itsourcecode–Apartment Management System
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
2025-08-25
7.3
CVE-2025-9418

itsourcecode–Apartment Management System
A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
2025-08-25
7.3
CVE-2025-9419

itsourcecode–Apartment Management System
A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
2025-08-25
7.3
CVE-2025-9420

itsourcecode–Apartment Management System
A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2025-08-25
7.3
CVE-2025-9421

itsourcecode–Apartment Management System
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
2025-08-26
7.3
CVE-2025-9468

itsourcecode–Apartment Management System
A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
2025-08-26
7.3
CVE-2025-9469

itsourcecode–Apartment Management System
A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
2025-08-26
7.3
CVE-2025-9470

itsourcecode–Apartment Management System
A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
2025-08-26
7.3
CVE-2025-9471

itsourcecode–Apartment Management System
A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
2025-08-26
7.3
CVE-2025-9472

itsourcecode–Apartment Management System
A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
2025-08-27
7.3
CVE-2025-9507

itsourcecode–Apartment Management System
A vulnerability was detected in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /report/rented_info.php. The manipulation of the argument rsid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
2025-08-27
7.3
CVE-2025-9508

itsourcecode–Apartment Management System
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
2025-08-27
7.3
CVE-2025-9509

itsourcecode–Apartment Management System
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
2025-08-27
7.3
CVE-2025-9510

itsourcecode–Apartment Management System
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
2025-08-27
7.3
CVE-2025-9511

itsourcecode–Apartment Management System
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
2025-08-28
7.3
CVE-2025-9592

itsourcecode–Apartment Management System
A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
2025-08-28
7.3
CVE-2025-9593

itsourcecode–Apartment Management System
A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complain_info.php. The manipulation of the argument vid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
2025-08-28
7.3
CVE-2025-9594

itsourcecode–Apartment Management System
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
2025-08-29
7.3
CVE-2025-9597

itsourcecode–Apartment Management System
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Performing manipulation of the argument txtXYear results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
2025-08-29
7.3
CVE-2025-9598

itsourcecode–Apartment Management System
A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
2025-08-29
7.3
CVE-2025-9599

itsourcecode–Apartment Management System
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
2025-08-29
7.3
CVE-2025-9600

itsourcecode–Apartment Management System
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
2025-08-29
7.3
CVE-2025-9601

itsourcecode–Apartment Management System
A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
2025-08-29
7.3
CVE-2025-9643

itsourcecode–Apartment Management System
A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
2025-08-29
7.3
CVE-2025-9644

itsourcecode–Apartment Management System
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
2025-08-29
7.3
CVE-2025-9645

itsourcecode–Apartment Management System
A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
2025-08-31
7.3
CVE-2025-9730

itsourcecode–Online Tour and Travel Management System
A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
2025-08-25
7.3
CVE-2025-9425

itsourcecode–Online Tour and Travel Management System
A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
2025-08-25
7.3
CVE-2025-9426

itsourcecode–Sports Management System
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
2025-08-28
7.3
CVE-2025-9596

itsourcecode–Student Information System
A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
2025-08-30
7.3
CVE-2025-9679

Jason–Theme Blvd Widget Areas
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0.
2025-08-28
7.1
CVE-2025-53289

JetBrains–IDE Services
In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves
2025-08-28
8.1
CVE-2025-58334

Jinher–OA
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
2025-08-29
7.3
CVE-2025-9669

kamleshyadav–Miraculous Core Plugin
Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7.
2025-08-28
9.8
CVE-2025-49388

kasonzhao–SEO For Images
Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS. This issue affects SEO For Images: from n/a through 1.0.0.
2025-08-28
7.1
CVE-2025-48307

Koen Schuit–NextGEN Gallery Search
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12.
2025-08-28
7.1
CVE-2025-53224

LabRedesCefetRJ–WeGIA
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
2025-08-29
10
CVE-2025-58159

langflow-ai–langflow
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.
2025-08-25
8.8
CVE-2025-57760

Linksys–E1700
A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-08-27
8.8
CVE-2025-9525

Linksys–E1700
A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-08-27
8.8
CVE-2025-9526

Linksys–E1700
A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-08-27
8.8
CVE-2025-9527

Linksys–RE6250
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-08-26
8.8
CVE-2025-9481

Linksys–RE6250
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-08-26
8.8
CVE-2025-9482

Linksys–RE6250
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
2025-08-26
8.8
CVE-2025-9483

magepeopleteam–WpEvently
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8.
2025-08-28
8.8
CVE-2025-54742

manfcarlo–WP Funnel Manager
Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a through 1.4.0.
2025-08-28
9.8
CVE-2025-52761

Mojoomla–School Management
Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025).
2025-08-31
9.9
CVE-2025-31100

nonletter–Newsletter subscription optin module
Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9.
2025-08-28
7.1
CVE-2025-48308

NooTheme–Jobmonster
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9.
2025-08-28
9.8
CVE-2025-54738

NVIDIA–NeMo Framework
NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
2025-08-26
7.8
CVE-2025-23312

NVIDIA–NeMo Framework
NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
2025-08-26
7.8
CVE-2025-23313

NVIDIA–NeMo Framework
NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
2025-08-26
7.8
CVE-2025-23315

NVIDIA–NVIDIA NeMo Curator
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
2025-08-26
7.8
CVE-2025-23307

OffClicks–Invisible Optin
Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0.
2025-08-28
7.1
CVE-2025-48311

ovatheme–Ireca
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5.
2025-08-28
8.1
CVE-2025-54716

ovatheme–Ovatheme Events
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme Ovatheme Events allows PHP Local File Inclusion. This issue affects Ovatheme Events: from n/a through 1.2.8.
2025-08-28
8.1
CVE-2025-53576

ovatheme.com–Event List
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user’s capabilities prior to updating their profile in the el_update_profile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their capabilities to those of an administrator.
2025-08-26
8.8
CVE-2025-6366

Paymenter–Paymenter
Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read from configuration files, and arbitrary system commands being run under the web server user context. This vulnerability was patched by commit 87c3db4 and was released under the version 1.2.11 tag without any other code modifications compared to version 1.2.10. If upgrading is not immediately possible, administrators can mitigate this vulnerability with one or more of the following measures: updating nginx config to download attachments instead of executing them or disallowing access to /storage/ fully using a WAF such as Cloudflare.
2025-08-28
10
CVE-2025-58048

pbmacintyre–RingCentral Communications Plugin FREE
The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes.
2025-08-28
9.8
CVE-2025-7955

PHPGurukul–Online Course Registration
A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
2025-08-31
7.3
CVE-2025-9729

pierrelannoy–Vibes
The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2025-08-26
7.5
CVE-2025-9172

plone–volto
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
2025-08-28
7.5
CVE-2025-58047

pluggabl–Booster for WooCommerce PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘add_files_to_order’ function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site’s server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
2025-08-29
8.1
CVE-2024-13342

PluginsPoint–Kento Splash Screen
Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4.
2025-08-28
7.1
CVE-2025-48351

purethemes–Listeo-Core
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in purethemes Listeo-Core allows SQL Injection. This issue affects Listeo-Core: from n/a through 1.9.32.
2025-08-28
8.5
CVE-2025-49404

RACOM–M!DGE2
A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid.
2025-08-26
7.2
CVE-2025-36729

Red Hat–Red Hat Enterprise Linux 10
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn’t bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
2025-08-28
8.5
CVE-2025-8067

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-32468

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-35984

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-46407

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-50129

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-52456

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-52930

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-53085

SAIL Image Decoding Library–SAIL Image Decoding Library
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
2025-08-25
8.8
CVE-2025-53510

Securden–Unified PAM
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
2025-08-25
9.8
CVE-2025-53118

Securden–Unified PAM
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.
2025-08-25
9.4
CVE-2025-53120

Securden–Unified PAM
An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.
2025-08-25
7.5
CVE-2025-53119

Securden–Unified PAM
Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.
2025-08-25
7.2
CVE-2025-6737

shmish111–WP Admin Theme
Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0.
2025-08-28
7.1
CVE-2025-48325

Solwin–Blog Designer PRO
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Solwin Blog Designer PRO.This issue affects Blog Designer PRO: from n/a through 3.4.7.
2025-08-31
8.1
CVE-2025-47696

SourceCodester–Bakeshop Online Ordering System
A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
2025-08-29
7.3
CVE-2025-9660

SourceCodester–Human Resource Information System
A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used.
2025-08-26
7.3
CVE-2025-9475

SourceCodester–Human Resource Information System
A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
2025-08-26
7.3
CVE-2025-9476

SourceCodester–Online Bank Management System
A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
2025-08-26
7.3
CVE-2025-9473

SourceCodester–Online Book Store
A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
2025-08-30
7.3
CVE-2025-9700

SourceCodester–Online Polling System Code
A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. The attack may be performed from a remote location. The exploit is now public and may be used.
2025-08-30
7.3
CVE-2025-9699

SourceCodester–Simple Cafe Billing System
A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
2025-08-30
7.3
CVE-2025-9701

SourceCodester–Simple Cafe Billing System
A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /sales_report.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
2025-08-30
7.3
CVE-2025-9702

SourceCodester–Water Billing System
A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
2025-08-30
7.3
CVE-2025-9704

SourceCodester–Water Billing System
A weakness has been identified in SourceCodester Water Billing System 1.0. Affected is an unknown function of the file /paybill.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
2025-08-30
7.3
CVE-2025-9705

SourceCodester–Water Billing System
A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
2025-08-30
7.3
CVE-2025-9706

SteelThemes–Nest Addons
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3.
2025-08-28
9.3
CVE-2025-54720

Tenda–AC1206
A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
2025-08-27
9.8
CVE-2025-9523

Tenda–AC21
A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
2025-08-29
9.8
CVE-2025-9605

Tenda–CH22
A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
2025-08-26
8.8
CVE-2025-9443

Tenda–CH22
A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed from remote.
2025-08-31
8.8
CVE-2025-9748

thaihavnn07–ATT YouTube Widget
Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0.
2025-08-28
7.1
CVE-2025-48359

The Biosig Project–libbiosig
A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2025-08-25
9.8
CVE-2025-48005

The Biosig Project–libbiosig
An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2025-08-25
9.8
CVE-2025-52581

The Biosig Project–libbiosig
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2025-08-25
9.8
CVE-2025-53511

The Biosig Project–libbiosig
An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2025-08-25
9.8
CVE-2025-53518

The Biosig Project–libbiosig
A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2025-08-25
9.8
CVE-2025-53853

The Biosig Project–libbiosig
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
2025-08-25
9.8
CVE-2025-54462

The Biosig Project–libbiosig
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3: else if (tag==3) { // character code char v[17]; // [1] if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len); curPos += ifread(&v,1,len,hdr); v[len] = 0; In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.
2025-08-25
9.8
CVE-2025-54481

The Biosig Project–libbiosig
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12: else if (tag==12) //0x0C { // sampling resolution if (len>6) fprintf(stderr,"Warning MFER tag12 incorrect length %i>6\n",len); val32 = 0; int8_t v8; curPos += ifread(&UnitCode,1,1,hdr); curPos += ifread(&v8,1,1,hdr); curPos += ifread(buf,1,len-2,hdr); In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path.
2025-08-25
9.8
CVE-2025-54487

Acronis–Acronis Cyber Protect Cloud Agent
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296.
2025-08-28
not yet calculated
CVE-2025-48963

Acronis–Acronis Cyber Protect Cloud Agent
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734.
2025-08-28
not yet calculated
CVE-2025-9578

activePDF–WebGrabber
activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.
2025-08-30
not yet calculated
CVE-2008-20001

airlinklabs–daemon
Airlink’s Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1.
2025-08-25
not yet calculated
CVE-2025-57802

alextselegidis–Easy!Appointments
alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.
2025-08-25
not yet calculated
CVE-2025-50383

Apache Friends–XAMPP
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3’s default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.
2025-08-30
not yet calculated
CVE-2012-10062

Apache Software Foundation–Apache Cassandra
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015.
2025-08-25
not yet calculated
CVE-2025-26467

Apple–macOS
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
2025-08-29
not yet calculated
CVE-2024-44271

Apple–macOS
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
2025-08-29
not yet calculated
CVE-2024-54554

Apple–macOS
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.
2025-08-29
not yet calculated
CVE-2024-54568

Apple–macOS
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute arbitrary code.
2025-08-29
not yet calculated
CVE-2025-43187

Apple–macOS
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Sequoia 15.6, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
2025-08-29
not yet calculated
CVE-2025-43255

Apple–macOS
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.
2025-08-29
not yet calculated
CVE-2025-43268

Apple–macOS
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination.
2025-08-29
not yet calculated
CVE-2025-43284

Arcserve–Unified Data Protection (UDP)
An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms without valid credentials and access administrator-level features. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue.
2025-08-27
not yet calculated
CVE-2025-34520

Arcserve–Unified Data Protection (UDP)
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by another user, execute arbitrary JavaScript in the victim’s browser. Successful exploitation may lead to session hijacking, credential theft, or other client-side impacts. The vulnerability requires user interaction and occurs within a shared browser context. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue.
2025-08-27
not yet calculated
CVE-2025-34521

Arcserve–Unified Data Protection (UDP)
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote code execution. Exploitation occurs in the context of the affected process and does not require user interaction. The vulnerability poses a high risk due to its pre-authentication nature and potential for full compromise. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue.
2025-08-27
not yet calculated
CVE-2025-34522

Arcserve–Unified Data Protection (UDP)
A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted data, a remote attacker can corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. This vulnerability is similar in nature to CVE-2025-34522 but affects a separate code path or component. No user interaction is required, and exploitation occurs in the context of the vulnerable process. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue.
2025-08-27
not yet calculated
CVE-2025-34523

Atera–Nagios XI 2024R2
A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user’s session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.
2025-08-26
not yet calculated
CVE-2025-56432

azu–request-filtering-agent
request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library’s SSRF protection. The vulnerability is particularly dangerous when the application accepts user-controlled URLs and internal services are only protected by network-level restrictions. This vulnerability has been fixed in request-filtering-agent version 2.0.0. Users should upgrade to version 2.0.0 or later.
2025-08-25
not yet calculated
CVE-2025-57814

Belkin International, Inc.–Bulldog Plus UPS Monitoring Software
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication.
2025-08-30
not yet calculated
CVE-2009-20009

BS.Player–BS.Player Free and Pro Editions
BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client.
2025-08-30
not yet calculated
CVE-2010-10016

Catalyst–Mahara
Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported.
2025-08-25
not yet calculated
CVE-2023-47799

Catalyst–Mahara
Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system.
2025-08-26
not yet calculated
CVE-2024-35203

Catalyst–Mahara
Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the ‘Current submissions’ page: Administration -> Groups -> Submissions.
2025-08-26
not yet calculated
CVE-2024-39335

Catalyst–Mahara
An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person.
2025-08-25
not yet calculated
CVE-2024-39923

Catalyst–Mahara
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.
2025-08-26
not yet calculated
CVE-2024-45753

Catalyst–Mahara
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download.
2025-08-26
not yet calculated
CVE-2024-47192

Catalyst–Mahara
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
2025-08-26
not yet calculated
CVE-2024-47853

Catalyst–Mahara
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
2025-08-26
not yet calculated
CVE-2025-29992

CGM–CGM CLININET
In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code via the "CopyCounter" parameter.
2025-08-27
not yet calculated
CVE-2025-2313

CGM–CGM CLININET
Stored XSS vulnerability exists in the "OddziaÅ‚" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.
2025-08-27
not yet calculated
CVE-2025-30036

CGM–CGM CLININET
The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp.
2025-08-27
not yet calculated
CVE-2025-30037

CGM–CGM CLININET
The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources.
2025-08-27
not yet calculated
CVE-2025-30038

CGM–CGM CLININET
Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges.
2025-08-27
not yet calculated
CVE-2025-30039

CGM–CGM CLININET
The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint.
2025-08-27
not yet calculated
CVE-2025-30040

CGM–CGM CLININET
The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs.
2025-08-27
not yet calculated
CVE-2025-30041

CGM–CGM CLININET
The "serverConfig" endpoint, which returns the module configuration including credentials, is accessible without authentication.
2025-08-27
not yet calculated
CVE-2025-30048

CGM–CGM CLININET
The "system" function receives untrusted input from the user. If the "EnableJSCaching" option is enabled, it is possible to execute arbitrary code provided as the "Module" parameter.
2025-08-27
not yet calculated
CVE-2025-30055

CGM–CGM CLININET
The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system.
2025-08-27
not yet calculated
CVE-2025-30056

CGM–CGM CLININET
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function.
2025-08-27
not yet calculated
CVE-2025-30057

CGM–CGM CLININET
In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter.
2025-08-27
not yet calculated
CVE-2025-30058

CGM–CGM CLININET
In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection.
2025-08-27
not yet calculated
CVE-2025-30059

CGM–CGM CLININET
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter.
2025-08-27
not yet calculated
CVE-2025-30060

CGM–CGM CLININET
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter.
2025-08-27
not yet calculated
CVE-2025-30061

CGM–CGM CLININET
The configuration file containing database logins and passwords is readable by any local user.
2025-08-27
not yet calculated
CVE-2025-30063

CGM–CGM CLININET
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to generate a session for any user.
2025-08-27
not yet calculated
CVE-2025-30064

Changsha SPON Communication Technology Co. Ltd.–SPON IP Network Broadcast System
SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined.
2025-08-27
not yet calculated
CVE-2024-13982

Checkmk–Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic.
2025-08-28
not yet calculated
CVE-2025-58123

Checkmk–Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.
2025-08-28
not yet calculated
CVE-2025-58124

Checkmk–Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic.
2025-08-28
not yet calculated
CVE-2025-58125

Checkmk–Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic.
2025-08-28
not yet calculated
CVE-2025-58126

Checkmk–Checkmk Exchange
Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic.
2025-08-28
not yet calculated
CVE-2025-58127

Cisco–Cisco Unified Computing System (Managed)
A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role.
2025-08-27
not yet calculated
CVE-2025-20296

CivetWeb–CivetWeb
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.
2025-08-29
not yet calculated
CVE-2025-55763

ContentKeeper Technologies–ContentKeeper Web Appliance
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.
2025-08-30
not yet calculated
CVE-2009-20011

coolLabs Technologies–Coolify
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to delete the project or its associated resource, the payload executes in the admin’s browser context. This results in full compromise of the Coolify instance, including theft of API tokens, session cookies, and access to WebSocket-based terminal sessions on managed servers.
2025-08-27
not yet calculated
CVE-2025-34157

coolLabs Technologies–Coolify
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server.
2025-08-27
not yet calculated
CVE-2025-34159

coolLabs Technologies–Coolify
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise.
2025-08-27
not yet calculated
CVE-2025-34161

craftcms–cms
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7.
2025-08-25
not yet calculated
CVE-2025-57811

Cursor–Cursor
The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Cursor, potentially disguising attacker’s malicious intent. This issue was detected in 15.4.1 version of Cursor. Project maintainers decided not to fix this issue, because a scenario including a local attacker falls outside their defined threat model.
2025-08-26
not yet calculated
CVE-2025-9190

D-Link–DCS-825L
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
2025-08-27
not yet calculated
CVE-2025-55582

D-Link–DI-8100
D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters.
2025-08-25
not yet calculated
CVE-2025-51281

D-Link–DIR-110
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
2025-08-27
not yet calculated
CVE-2018-25115

D-Link–DIR-868L
D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests.
2025-08-28
not yet calculated
CVE-2025-55583

D-Link–DSL-7740C
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request.
2025-08-25
not yet calculated
CVE-2025-29514

D-Link–DSL-7740C
Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device’s XML database, including the administrator’s password.
2025-08-25
not yet calculated
CVE-2025-29515

D-Link–DSL-7740C
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function.
2025-08-25
not yet calculated
CVE-2025-29516

D-Link–DSL-7740C
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function.
2025-08-25
not yet calculated
CVE-2025-29517

D-Link–DSL-7740C
A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.
2025-08-25
not yet calculated
CVE-2025-29519

D-Link–DSL-7740C
Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges.
2025-08-25
not yet calculated
CVE-2025-29520

D-Link–DSL-7740C
Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.
2025-08-25
not yet calculated
CVE-2025-29521

D-Link–DSL-7740C
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function.
2025-08-25
not yet calculated
CVE-2025-29522

D-Link–DSL-7740C
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.
2025-08-25
not yet calculated
CVE-2025-29523

DASAN NETWORKS–DASAN GPON ONU H660WM
Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information.
2025-08-25
not yet calculated
CVE-2025-29524

DASAN NETWORKS–DASAN GPON ONU H660WM
DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem’s control panel.
2025-08-25
not yet calculated
CVE-2025-29525

DASAN NETWORKS–DASAN GPON ONU H660WM
DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any authentication.
2025-08-25
not yet calculated
CVE-2025-44178

dataease–dataease
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2’s filtering logic and returns the H2 JDBC URL, allowing the "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12.
2025-08-25
not yet calculated
CVE-2025-57772

dataease–dataease
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.
2025-08-25
not yet calculated
CVE-2025-57773

Diebold Nixdorf–Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
2025-08-29
not yet calculated
CVE-2024-46916

Diebold Nixdorf–Vynamic Security Suite
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
2025-08-29
not yet calculated
CVE-2024-46917

Digital Arts Inc.–i- 6.0
Multiple i-ãƒ•ã‚£ãƒ«ã‚¿ãƒ¼ products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
2025-08-27
not yet calculated
CVE-2025-57846

Dogfood CRM–Dogfood CRM
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO.
2025-08-30
not yet calculated
CVE-2009-20010

DOS Co., Ltd.–SS1
Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker.
2025-08-28
not yet calculated
CVE-2025-46409

DOS Co., Ltd.–SS1
Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker.
2025-08-28
not yet calculated
CVE-2025-52460

DOS Co., Ltd.–SS1
Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges.
2025-08-28
not yet calculated
CVE-2025-53396

DOS Co., Ltd.–SS1
SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges.
2025-08-28
not yet calculated
CVE-2025-53970

DOS Co., Ltd.–SS1
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker.
2025-08-28
not yet calculated
CVE-2025-54819

DOS Co., Ltd.–SS1
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker.
2025-08-28
not yet calculated
CVE-2025-58072

DOS Co., Ltd.–SS1
Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges.
2025-08-28
not yet calculated
CVE-2025-58081

eventlet–eventlet
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers which is a breaking change if a backend behind eventlet.wsgi proxy requires trailers. A workaround involves not using eventlet.wsgi facing untrusted clients.
2025-08-29
not yet calculated
CVE-2025-58068

Exiv2–exiv2
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.
2025-08-29
not yet calculated
CVE-2025-54080

Exiv2–exiv2
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
2025-08-29
not yet calculated
CVE-2025-55304

Feijiu Medical Technology Co., Ltd.–Bian Que Feijiu Intelligent Emergency and Quality Control System
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input in the strOpid parameter, allowing attackers to inject arbitrary SQL statements. This can lead to data exfiltration, authentication bypass, and potentially remote code execution, depending on backend configuration. The vulnerability is presumed to affect builds released prior to June 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC.
2025-08-27
not yet calculated
CVE-2025-34162

FreePBX–security-reporting
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
2025-08-28
not yet calculated
CVE-2025-57819

Fujian Apex Software Co. Ltd.–LiveBOS
LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload crafted files outside the intended directory structure via path traversal in the filename parameter. Successful exploitation may lead to remote code execution on the server, enabling full system compromise. The vulnerability is presumed to affect builds released prior to August 2024 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC.
2025-08-27
not yet calculated
CVE-2024-13981

GitHub–Enterprise Server
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the name of a private repository along with its branches, tags, or commit SHAs that they could use to trigger compare/diff functionality and retrieve limited code without proper authorization. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5. This vulnerability was reported via the GitHub Bug Bounty program.
2025-08-26
not yet calculated
CVE-2025-8447

github.com/gorilla/csrf–github.com/gorilla/csrf
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can’t get it to submit to https://example.com because the Origin header is checked with sameOrigin against a synthetic URL. However, if a host is added to TrustedOrigins, both its HTTP and HTTPS origins will be allowed, because the schema of the synthetic URL is ignored and only the host is checked. For example, if an application is hosted on https://example.com and adds example.net to TrustedOrigins, a network attacker can serve a form at http://example.net to perform the attack. Applications should migrate to net/http.CrossOriginProtection, introduced in Go 1.25. If that is not an option, a backport is available as a module at filippo.io/csrf, and a drop-in replacement for the github.com/gorilla/csrf API is available at filippo.io/csrf/gorilla.
2025-08-29
not yet calculated
CVE-2025-47909

Google Cloud–Dataform
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers’ repositories via a maliciously crafted package.json file.
2025-08-25
not yet calculated
CVE-2025-9118

Google–Android
In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2023-21125

Google–Android
In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2024-49740

Google–Android
In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0074

Google–Android
In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0075

Google–Android
In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0078

Google–Android
In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0079

Google–Android
In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0080

Google–Android
In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0081

Google–Android
In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0082

Google–Android
In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0083

Google–Android
In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0084

Google–Android
In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0086

Google–Android
In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0092

Google–Android
In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-0093

Google–Android
In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22403

Google–Android
In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22404

Google–Android
In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22405

Google–Android
In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22406

Google–Android
In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22407

Google–Android
In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22408

Google–Android
In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22409

Google–Android
In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22411

Google–Android
In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22412

Google–Android
In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-22413

Google–Android
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
2025-08-26
not yet calculated
CVE-2025-26417

Google–Chrome
Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
2025-08-26
not yet calculated
CVE-2025-9478

H3C Group–Intelligent Management Center (iMC)
H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC.
2025-08-27
not yet calculated
CVE-2024-13980

Hangzhou Shengqiao Technology Co. Ltd.–St. Joe ERP System ("ERP")
A SQL injection vulnerability exists in the St. Joe ERP system ("åœ£ä¹”ERPç³»ç»Ÿ") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC.
2025-08-27
not yet calculated
CVE-2024-13979

Hitron–CGNF-TWN Cable Modem
Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arbitrary commands through the telnet interface when prompted for inputs or commands. Successful exploitation could lead to remote code execution (RCE) under the privileges of the telnet user, potentially allowing unauthorized access to system settings and sensitive information.
2025-08-25
not yet calculated
CVE-2025-44179

Hyundai–Hyundai Navigation App
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
2025-08-27
not yet calculated
CVE-2025-55618

iND Co.,Ltd–HL330-DLS (for module MC7700)
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
2025-08-29
not yet calculated
CVE-2025-53507

iND Co.,Ltd–HL330-DLS (for module MC7700)
Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
2025-08-29
not yet calculated
CVE-2025-53508

Invoice Ninja–Invoice Ninja
Invoice Ninja’s configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application’s context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator’s credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in version 5.0.175
2025-08-26
not yet calculated
CVE-2025-8700

Kapsch–TrafficCom RIS-9160, RIS-9260
Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.
2025-08-26
not yet calculated
CVE-2025-25733

Konica Minolta, Inc.–Multiple products in bizhub series
Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disable the Web Connection feature.
2025-08-29
not yet calculated
CVE-2025-54777

Liferay–Portal
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a security vulnerability that allowing for improper access through the expandoTableLocalService.
2025-08-29
not yet calculated
CVE-2025-43773

Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we’re not doing async, the handling is much simpler. There’s no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I’m not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix easier.
2025-08-28
not yet calculated
CVE-2024-58240

Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximum length.
2025-08-26
not yet calculated
CVE-2025-38676

Linux–Linux
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x17e/0x800 mm/kasan/report.c:480 kasan_report+0x147/0x180 mm/kasan/report.c:593 data_blkaddr fs/f2fs/f2fs.h:3053 [inline] f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline] f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855 f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195 prepare_write_begin fs/f2fs/data.c:3395 [inline] f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594 generic_perform_write+0x2c7/0x910 mm/filemap.c:4112 f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline] f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x546/0xa90 fs/read_write.c:686 ksys_write+0x149/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is in the corrupted image, there is a dnode has the same node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to access block address in dnode at offset 934, however it parses the dnode as inode node, so that get_dnode_addr() returns 360, then it tries to access page address from 360 + 934 * 4 = 4096 w/ 4 bytes. To fix this issue, let’s add sanity check for node id of all direct nodes during f2fs_get_dnode_of_data().
2025-08-30
not yet calculated
CVE-2025-38677

LSTM-Kirigaya–openmcp-client
LSTM-Kirigaya’s openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12.
2025-08-28
not yet calculated
CVE-2025-58062

LumaSoft–fotoShare Cloud
Client-side password validation (CWE-602) in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums.
2025-08-27
not yet calculated
CVE-2025-56694

lycheeverse–lychee-action
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2.
2025-08-28
not yet calculated
CVE-2024-48908

MacVim–MacVim
MacVim’s configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application’s context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator’s credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in build r181.2
2025-08-26
not yet calculated
CVE-2025-8597

MANWAR–CGI::Simple
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters. As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks. The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete. Impact By injecting %0A (newline) into a query string parameter, an attacker can: * Break the current HTTP header * Inject a new header or entire body * Deliver a script payload that is reflected in the server’s response That can lead to the following attacks: * reflected XSS * open redirect * cache poisoning * header manipulation
2025-08-29
not yet calculated
CVE-2025-40927

Meitrack–T366G-L GPS Tracker
Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of sensitive configuration data such as APN credentials, backend server information, and network parameter
2025-08-28
not yet calculated
CVE-2025-51643

Microsoft–Windows
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.
2025-08-26
not yet calculated
CVE-2025-9491

MINOVA Information Services GmbH–TTA
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
2025-08-25
not yet calculated
CVE-2025-7426

Mitrastar–GPT-2741GNAC-N2
Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" (quotes included) to the argument of this command will drop a root shell.
2025-08-26
not yet calculated
CVE-2025-50753

mlc-ai–xgrammar
XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21.
2025-08-25
not yet calculated
CVE-2025-57809

Mosh-Pro–Mosh-Pro
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker’s malicious intent. This issue was detected in 1.3.2 version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown.
2025-08-26
not yet calculated
CVE-2025-53811

Moxa–Utility for DRP-A100 Series
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems.
2025-08-25
not yet calculated
CVE-2025-5191

n/a–AbanteCart
Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.
2025-08-26
not yet calculated
CVE-2025-50971

n/a–AbanteCart
SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP(), and UNION-based injection to extract arbitrary data.
2025-08-27
not yet calculated
CVE-2025-50972

n/a–Adminer
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention.
2025-08-25
not yet calculated
CVE-2025-43960

n/a–Badaso CMS
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension.
2025-08-26
not yet calculated
CVE-2025-52353

n/a–Bevy
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI.
2025-08-27
not yet calculated
CVE-2025-54598

n/a–copyparty
Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function.
2025-08-29
not yet calculated
CVE-2023-41471

n/a–CraftCMS Freeform
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains an Server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title).
2025-08-27
not yet calculated
CVE-2025-52122

n/a–diskover-web
diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE and others can be crafted to inject arbitrary SQLite expressions wrapped in JSON functions. By exploiting these injection points, an attacker can infer or extract sensitive information from the underlying database without authentication. This issue stems from improper input validation and parameterization in the application’s JSON-based query construction.
2025-08-27
not yet calculated
CVE-2025-50984

n/a–diskover-web
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and execute arbitrary JavaScript when a victim visits a maliciously crafted URL.
2025-08-27
not yet calculated
CVE-2025-50985

n/a–diskover-web
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TYPES[], INCLUDES_DIRS, INCLUDES_FILES, and TIMEZONE do not properly sanitize user-supplied input. Malicious payloads submitted via these parameters are persisted in the application and executed whenever an administrator views or edits the settings page.
2025-08-27
not yet calculated
CVE-2025-50986

n/a–docmost
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code
2025-08-25
not yet calculated
CVE-2025-55574

n/a–Evope Core
An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
2025-08-29
not yet calculated
CVE-2025-56577

n/a–FormCMS
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.
2025-08-28
not yet calculated
CVE-2025-56236

n/a–FoxCMS
FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.
2025-08-25
not yet calculated
CVE-2025-55409

n/a–FoxCMS
In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus.
2025-08-27
not yet calculated
CVE-2025-55422

n/a–Gitblit
In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient input sanitization of filename elements.
2025-08-27
not yet calculated
CVE-2025-50978

n/a–Helpy.io
Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket funtion.
2025-08-26
not yet calculated
CVE-2025-52184

n/a–IPFire
The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of the following parameters BYTE_UNIT, DAY_BEGIN, DAY_END, HIST_LEVEL, MONTH_BEGIN, MONTH_END, NUM_CONTENT, NUM_DOMAINS, NUM_HOSTS, NUM_URLS, PERF_INTERVAL, YEAR_BEGIN, YEAR_END.
2025-08-26
not yet calculated
CVE-2025-50974

n/a–IPFire
IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed whenever another admin views the firewall rules page, enabling session hijacking, unauthorized actions within the interface, or further internal pivoting. Exploitation requires only high-privilege GUI access, and the complexity of the attack is low.
2025-08-26
not yet calculated
CVE-2025-50975

n/a–IPFire
IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability.
2025-08-26
not yet calculated
CVE-2025-50976

n/a–n/a
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
2025-08-26
not yet calculated
CVE-2025-25732

n/a–n/a
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.
2025-08-26
not yet calculated
CVE-2025-25734

n/a–n/a
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.
2025-08-26
not yet calculated
CVE-2025-25735

n/a–n/a
Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the default ‘kapsch’ user.
2025-08-26
not yet calculated
CVE-2025-25736

n/a–n/a
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a bruteforce attack.
2025-08-26
not yet calculated
CVE-2025-25737

n/a–n/a
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the ‘r’ parameter and allows attackers to inject malicious Angular expressions that execute JavaScript code in the context of the application. The flaw can be exploited through GET requests to the summary endpoint as well as POST requests to specific Wicket interface endpoints, though the GET method provides easier weaponization. This vulnerability enables authenticated administrators to execute arbitrary client-side code, potentially leading to session hijacking, data theft, or further privilege escalation attacks.
2025-08-27
not yet calculated
CVE-2025-50977

n/a–n/a
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlmap confirmed exploitation via stacked queries, demonstrating that the parameter can be abused to run arbitrary SQL statements. A heavy query was executed using SQLite’s RANDOMBLOB() and HEX() functions to simulate a time-based payload, indicating deep control over database interactions.
2025-08-27
not yet calculated
CVE-2025-50983

n/a–n8n-workflow
n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py
2025-08-26
not yet calculated
CVE-2025-55526

n/a–NodeBB
NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads.
2025-08-27
not yet calculated
CVE-2025-50979

n/a–NotesCMS
A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08) and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely.
2025-08-26
not yet calculated
CVE-2025-52035

n/a–NotesCMS
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
2025-08-26
not yet calculated
CVE-2025-52036

n/a–NotesCMS
A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.
2025-08-26
not yet calculated
CVE-2025-52037

n/a–O2OA
O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function.
2025-08-27
not yet calculated
CVE-2024-37777

n/a–oa_system oasys
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
2025-08-29
not yet calculated
CVE-2025-44033

n/a–OPNsense
OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation grants RCE with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.
2025-08-27
not yet calculated
CVE-2025-50989

n/a–PerfreeBlog
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
2025-08-25
not yet calculated
CVE-2025-29420

n/a–PerfreeBlog
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.
2025-08-25
not yet calculated
CVE-2025-29421

n/a–RaspAP
In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter.
2025-08-27
not yet calculated
CVE-2025-50428

n/a–Rebuild
Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
2025-08-25
not yet calculated
CVE-2024-46412

n/a–Rebuild
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.
2025-08-25
not yet calculated
CVE-2024-46413

n/a–Rebuild
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determine whether the path endsWith /error. If so, execute return true to skip this Interceptor. Else, redirect to /user/login api. Allowing unauthenticated attackers to gain sensitive information or escalated privileges.
2025-08-25
not yet calculated
CVE-2025-50900

n/a–simple-admin-core
An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations.
2025-08-27
not yet calculated
CVE-2025-51667

n/a–SMM Panel
SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail.
2025-08-25
not yet calculated
CVE-2025-55575

n/a–sparkshop
Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component
2025-08-25
not yet calculated
CVE-2025-50722

n/a–spimsimulator
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory read/write to point to distinct memory segments within the virtual machine, it is possible to circumvent these checks.
2025-08-28
not yet calculated
CVE-2025-29364

n/a–System PDV
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by this parameter. This allows direct access to other users’ data or internal resources without proper permission. Successful exploitation of this flaw may result in the exposure of sensitive information.
2025-08-25
not yet calculated
CVE-2025-45968

n/a–Telpo MDM
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device’s external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data.
2025-08-26
not yet calculated
CVE-2025-55443

n/a–WebErpMesv2
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server.
2025-08-25
not yet calculated
CVE-2025-52130

Nagios–Nagios XI
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.
2025-08-28
not yet calculated
CVE-2024-13986

NAVER–NAVER MYBOX Explorer
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.
2025-08-28
not yet calculated
CVE-2025-58322

NAVER–NAVER MYBOX Explorer
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.
2025-08-29
not yet calculated
CVE-2025-58323

NetScaler–ADC
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX
2025-08-26
not yet calculated
CVE-2025-7775

NetScaler–ADC
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
2025-08-26
not yet calculated
CVE-2025-7776

NetScaler–ADC
Improper access control on the NetScaler Management Interface in NetScaler ADCâ€¯and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
2025-08-26
not yet calculated
CVE-2025-8424

NetSupport Ltd.–NetSupport Manager
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
2025-08-29
not yet calculated
CVE-2025-34164

NetSupport Ltd.–NetSupport Manager
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
2025-08-29
not yet calculated
CVE-2025-34165

norrnext.com–Quantum Mamanger component for Joomla
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads.
2025-08-25
not yet calculated
CVE-2025-54300

norrnext.com–Quantum Mamanger component for Joomla
A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped.
2025-08-25
not yet calculated
CVE-2025-54301

Nozbe–Nozbe
The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 2025.11 of Nozbe.
2025-08-26
not yet calculated
CVE-2025-53813

NSFOCUS–SecGate3600 Firewall
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.
2025-08-27
not yet calculated
CVE-2023-7308

Oberon microsystems AG–Oberon PSA Crypto
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
2025-08-29
not yet calculated
CVE-2025-7383

Oberon microsystems AG–Oberon PSA Crypto
Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
2025-08-29
not yet calculated
CVE-2025-9071

Oberon microsystems AG–ocrypto
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
2025-08-29
not yet calculated
CVE-2025-7071

opencast–opencast
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.
2025-08-29
not yet calculated
CVE-2025-55202

OpenSolution–QuickCMS
QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin’s panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn’t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
2025-08-28
not yet calculated
CVE-2025-54540

OpenSolution–QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn’t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
2025-08-28
not yet calculated
CVE-2025-54541

OpenSolution–QuickCMS
QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim’s browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn’t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
2025-08-28
not yet calculated
CVE-2025-54542

OpenSolution–QuickCMS
QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn’t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
2025-08-28
not yet calculated
CVE-2025-54543

OpenSolution–QuickCMS
QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn’t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
2025-08-28
not yet calculated
CVE-2025-54544

OpenSolution–QuickCMS
QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin’s panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn’t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
2025-08-28
not yet calculated
CVE-2025-55175

OpenText–OpenText Enterprise Security Manager
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.
2025-08-25
not yet calculated
CVE-2025-3478

OpenText–OpenText Enterprise Security Manager
An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.
2025-08-25
not yet calculated
CVE-2025-8997

OpenText–Self Service Password Reset
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3.
2025-08-29
not yet calculated
CVE-2025-5808

parallax–jsPDF
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.
2025-08-26
not yet calculated
CVE-2025-57810

Payload CMS–Payload
Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed). This issue has been fixed in version 3.44.0 of Payload.
2025-08-29
not yet calculated
CVE-2025-4643

Payload CMS–Payload
A Session Fixation vulnerability existed in Payload’s SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user. This issue has been fixed in version 3.44.0 of Payload.
2025-08-29
not yet calculated
CVE-2025-4644

PCRE2Project–pcre2
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:…) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.
2025-08-27
not yet calculated
CVE-2025-58050

PFU Limited–ScanSnap Manager installers
Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command.
2025-08-27
not yet calculated
CVE-2025-57797

phpgurukul–Hospital Management System
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
2025-08-25
not yet calculated
CVE-2025-56212

phpgurukul–Hospital Management System
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
2025-08-25
not yet calculated
CVE-2025-56214

phpgurukul–Hospital Management System
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
2025-08-25
not yet calculated
CVE-2025-56215

phpgurukul–Hospital Management System
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
2025-08-25
not yet calculated
CVE-2025-56216

PHPOffice–PhpSpreadsheet
PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0.
2025-08-25
not yet calculated
CVE-2025-54370

ProjectsAndPrograms–School Management System
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser.
2025-08-28
not yet calculated
CVE-2025-51967

PuneethReddyHC–Online Shopping System Advanced
A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions.
2025-08-28
not yet calculated
CVE-2025-51968

PuneethReddyHC–Online Shopping System Advanced
A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement.
2025-08-28
not yet calculated
CVE-2025-51969

PuneethReddyHC–Online Shopping System Advanced
A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code.
2025-08-28
not yet calculated
CVE-2025-51971

PuneethReddyHC–Online Shopping System Advanced
A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
2025-08-28
not yet calculated
CVE-2025-51972

python-hyper–h2
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
2025-08-25
not yet calculated
CVE-2025-57804

Qi’anxin–TianQing Management Center
QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename parameter in multipart form-data requests, enabling path traversal. This allows attackers to place executable files in web-accessible directories, potentially leading to remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC.
2025-08-27
not yet calculated
CVE-2024-13984

Qingdao Dongsheng Weiye Software Co., Ltd.–Dongsheng Logistics Software
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST request. This allows remote code execution on the server, potentially leading to full system compromise. The vulnerability is presumed to affect builds released prior to July 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC.
2025-08-27
not yet calculated
CVE-2025-34163

QNAP Systems Inc.–File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
2025-08-29
not yet calculated
CVE-2025-29874

QNAP Systems Inc.–File Station 5
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later
2025-08-29
not yet calculated
CVE-2025-29890

QNAP Systems Inc.–File Station 5
A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later
2025-08-26
not yet calculated
CVE-2025-29901

QNAP Systems Inc.–HybridDesk Station
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later
2025-08-29
not yet calculated
CVE-2025-44015

QNAP Systems Inc.–License Center
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and later License Center 1.9.51 and later
2025-08-29
not yet calculated
CVE-2025-22483

QNAP Systems Inc.–Photo Station
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo Station 6.4.5 ( 2025/01/02 ) and later
2025-08-29
not yet calculated
CVE-2024-12923

QNAP Systems Inc.–Qsync Central
An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
2025-08-29
not yet calculated
CVE-2025-29893

QNAP Systems Inc.–Qsync Central
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
2025-08-29
not yet calculated
CVE-2025-29898

QNAP Systems Inc.–Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
2025-08-29
not yet calculated
CVE-2025-30260

QNAP Systems Inc.–Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later
2025-08-29
not yet calculated
CVE-2025-30261

QNAP Systems Inc.–Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later
2025-08-29
not yet calculated
CVE-2025-30262

QNAP Systems Inc.–Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
2025-08-29
not yet calculated
CVE-2025-30275

QNAP Systems Inc.–Qsync Central
An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
2025-08-29
not yet calculated
CVE-2025-30277

QNAP Systems Inc.–Qsync Central
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
2025-08-29
not yet calculated
CVE-2025-33033

QNAP Systems Inc.–QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-29882

QNAP Systems Inc.–QTS
A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-30264

QNAP Systems Inc.–QTS
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-30265

QNAP Systems Inc.–QTS
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-30270

QNAP Systems Inc.–QTS
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-30272

QNAP Systems Inc.–QTS
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-30273

QNAP Systems Inc.–QTS
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
2025-08-29
not yet calculated
CVE-2025-33032

QNAP Systems Inc.–QuRouter
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later
2025-08-29
not yet calculated
CVE-2025-29887

QNAP Systems Inc.–VioStor
An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
2025-08-29
not yet calculated
CVE-2025-52856

QNAP Systems Inc.–VioStor
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later
2025-08-29
not yet calculated
CVE-2025-52861

Raxnet/Ian Berry–Cacti
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
2025-08-30
not yet calculated
CVE-2005-10004

run-llama–run-llama/llama_index
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38.
2025-08-25
not yet calculated
CVE-2025-5302

Sangfor Technologies Co. Ltd.–Sangfor Behavior Management System (DC Management System)
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity definitions, leading to potential disclosure of internal files, server-side request forgery (SSRF), or other impacts depending on parser behavior. The vulnerability is due to improper configuration of the XML parser, which allows resolution of external entities without restriction. This product is now integrated into their IAM (Internet Access Management) platform and an affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2023-09-06 UTC.
2025-08-27
not yet calculated
CVE-2023-7307

SelectZero–Data Observability Platform
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML.
2025-08-26
not yet calculated
CVE-2025-52217

SelectZero–Data Observability Platform
SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page.
2025-08-26
not yet calculated
CVE-2025-52218

SelectZero–Data Observability Platform
SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection.
2025-08-26
not yet calculated
CVE-2025-52219

Shanghai Aishu Information Technology Co., Ltd.–AnyShare
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC.
2025-08-27
not yet calculated
CVE-2025-34160

SolidInvoice–SolidInvoice
SolidInvoice 2.3.7 and fixed in v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the Tax Rate functionality.
2025-08-29
not yet calculated
CVE-2025-55579

SolidInvoice–SolidInvoice
SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client’s functionality.
2025-08-29
not yet calculated
CVE-2025-55580

SourceCodester–FAQ Management System
A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the ‘question’ and ‘answer’ fields via the update-faq.php endpoint.
2025-08-26
not yet calculated
CVE-2025-57425

SUNNET Technology Co., Ltd.–Corporate Training Management System
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
2025-08-30
not yet calculated
CVE-2025-54942

SUNNET Technology Co., Ltd.–Corporate Training Management System
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.
2025-08-30
not yet calculated
CVE-2025-54943

SUNNET Technology Co., Ltd.–Corporate Training Management System
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.
2025-08-30
not yet calculated
CVE-2025-54944

SUNNET Technology Co., Ltd.–Corporate Training Management System
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.
2025-08-30
not yet calculated
CVE-2025-54945

SUNNET Technology Co., Ltd.–Corporate Training Management System
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
2025-08-30
not yet calculated
CVE-2025-54946

Sunway–ForceControl
Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.
2025-08-30
not yet calculated
CVE-2011-10032

sveltejs–devalue
Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2
2025-08-26
not yet calculated
CVE-2025-57820

Tenda–AC10
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
2025-08-28
not yet calculated
CVE-2025-57215

Tenda–AC10
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
2025-08-28
not yet calculated
CVE-2025-57217

Tenda–AC10
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
2025-08-28
not yet calculated
CVE-2025-57218

Tenda–AC10
Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.
2025-08-28
not yet calculated
CVE-2025-57219

Tenda–AC10
An input validation flaw in the ‘ate’ service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
2025-08-28
not yet calculated
CVE-2025-57220

Tenda–AC6
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
2025-08-27
not yet calculated
CVE-2025-55495

Tenda–AC8
An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device.
2025-08-28
not yet calculated
CVE-2025-52054

The-Scratch-Channel–tsc-web-client
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who’s logged in. This issue has been patched in version 1.2.
2025-08-25
not yet calculated
CVE-2025-57805

tokio-rs–tracing
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.
2025-08-29
not yet calculated
CVE-2025-58160

TP-Link Systems Inc.–Archer C7(EU) V2
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It’s recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).
2025-08-29
not yet calculated
CVE-2025-9377

TP-Link Systems Inc.–TP-Link KP303 (US) Smartplug
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.
2025-08-25
not yet calculated
CVE-2025-8627

TRENDnet–TV-IP410
TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
2025-08-29
not yet calculated
CVE-2024-46484

Ubiquiti Inc–UISP Application
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
2025-08-28
not yet calculated
CVE-2025-48979

WM Downloader–WM Downloader
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user.
2025-08-30
not yet calculated
CVE-2010-10017

Zhejiang Dahua Technology Co., Ltd.–EIMS
A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without sanitization or authentication. By sending crafted HTTP requests, attackers can inject OS-level commands that are executed on the server, leading to full system compromise. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-04-06 UTC.
2025-08-27
not yet calculated
CVE-2024-13985

Zhejiang Dahua Technology Co., Ltd.–Smart Park Integrated Management Platform
A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system. The vulnerability is presumed to affect builds released prior to September 2023 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-02-15 UTC.
2025-08-27
not yet calculated
CVE-2023-7309

Zhengzhou Jinhui Computer System Engineering Co. Ltd. ; Beijing Dazheng Human Language Technology Academy–Green Dam Youth Escort
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution.
2025-08-30
not yet calculated
CVE-2009-20008

AI Summary and Description: Yes

**Summary:** The provided content includes a comprehensive collection of documented vulnerabilities across various applications, systems, and devices, each accompanied by detailed descriptions, published dates, and CVSS scores. This abundance of vulnerability information can serve as a critical resource for security and compliance professionals seeking to understand and mitigate risks associated with specific software and hardware implementations.

**Detailed Description:**
The content presents a detailed listing of vulnerabilities, categorized into high, medium, low, and those yet to be assigned severity scores. Each entry follows a consistent format, providing essential details that assist security professionals in assessing the implications of these vulnerabilities. Key elements for every vulnerability include:

– **Vendor & Product:** Identifies the entity responsible for the software or hardware, and the specific product affected.

– **Description:** Outlines the nature of the vulnerability, how it can be exploited, and the potential impact on the system or application, including implications for data integrity, confidentiality, and service availability.

– **Published Date:** The date when the vulnerability was disclosed, enabling organizations to prioritize patching based on how current the threat is.

– **CVSS Score:** A numerical score that rates the severity of the vulnerability (from 0 to 10), facilitating quick comparisons between vulnerabilities and aiding in risk assessment.

Major points to note:
– **High-Profile Vulnerabilities:** Numerous high CVSS scores (above 7.0), indicating severe vulnerabilities such as remote code execution and SQL injection, present significant risks if not addressed promptly.

– **Common Vulnerability Types:** The data reveals common categories of vulnerabilities, such as SQL injection, cross-site scripting (XSS), command injection, and improper authentication, highlighting areas needing comprehensive security assessments.

– **Sector Diversity:** The vulnerabilities span a variety of sectors, including cloud services, IoT, web applications, and enterprise solutions, underscoring the universal nature of security challenges across different technologies.

– **Patching and Updates:** The advice to patch identified vulnerabilities indicates ongoing efforts within the cybersecurity community to remediate weaknesses and enhance security postures.

– **Notable Vulnerability Examples:** Specific entries like “CVE-2025-28576” highlight vulnerabilities in widely used systems or frameworks, showcasing the critical need for organizations to stay informed about evolving security threats.

Professionals tasked with securing infrastructure and applications should utilize this compilation of vulnerabilities to enhance their defensive measures, ensuring they are equipped with the most recent insights into potential threats and effective remediation strategies.

.NET /2 protocol 01 1 10 2 2024 2025 24 2460 2FA 3 3d 4 5 53 5G 7 800 a A10 abuse access access control access control vulnerability access management access permissions access token access tokens account ACPI Act actions adapter add-ons addresses administration administrators ads advanced after age agent agents AGI agnostic AI air Aker algorithm All alt AMD and Android Angular Animation Annotations apach Apache API app Apple Application application deployment applications arbitrary code execution arbitrary command execution arbitrary commands Arch architecture Aria ARM art as assessment assessments async at ated attack attacker attackers attacks attribute audio audit auditing authentication Authentication Bypass authentication bypass vulnerability authentication vulnerability authenticity authority authorization authorization server authors Auto availability avatar AWS backdoor backed backend backup based based buffer overflow based services Behavior being bert beyond BGP Bi binaries bio BitM Bluetooth board book bot bounds checking Bounds Write bounty program Box brain browser brute Buffer Overflow Bug bug bounty Bug Bounty program building built business Business Intelligence business processes by bypass Byte C C2 Cache caching calling capabilities CAPTCHA cell ceo certificate certificate validation chain challenge challenges channels checking Chinese chip Chrome Chromium CI CI/CD CIA CISA Cisco class CleaR client clients closed Cloud cloud data cloud service cloud services Cloudflare cluster cluster management co code code execution code inclusion code injection code modifications coding Col command Command Center command execution command injection Command Injection Vulnerability command line commerce commit communication community compilation complexity compliance compliance professionals Compose computation compute computer Computing computing system Condi confidentiality Configuration Consent construction consumption container containers content content management content management system Context control controlled data controllers controls cookies core cost cpp CPU creation credential credentials criteria critical CRM cross cross-site scripting cross-site scripting (XSS) Crypto cryptographic cryptographic keys CSA Curl Current Cursor custom Customer customer service CVE CVSS cyber cybersecurit Cybersecurity cybersecurity community D DAO dashboard data data access data exfiltration data extraction Data Integration data integrity data leak data leakage data manipulation data requests data theft data use data visualization data vulnerability database day de Debugging decoding decryption deep default default credentials default settings defensive measures DeFi definition definitions Dell Delta Delta Electronics demo denial Denial of Service Denial of Service (DoS) deployment depth deserialization design deterministic developer developer platform developers device digital digital experiences directive directory traversal disclosure disk encryption disruption diversity DNI DNS Docker Docker Compose document documentation domain domains DoS DoT Double downloader downtime drive dsl dual e E 3 E2 eBay edge editing education educational effective efficient Elasticsearch electro elevation of privilege elevation of privileges ELF email encoder encoding encryption encryption key encryption keys end endpoint endpoints Engineer engineering enterprise Enterprise Security Enterprise Server enterprise solutions Entra Entry environment environments EoL ERP error escalation escape escape sequences Ester EU evaluation event executable files execution exfiltration exp experience exploit Exploitation export extensions External extraction face fact factory reset fail fault feature features feedback file File System filesystem filippo filtering fine FIPS firewall firewall rules firmware first fixes flash flaws following for force attack framework frameworks free front FTC full function functionality g G2 Gateway Gen generated generation GIS git Git repository GitHub GitHub Enterprise Server Go Google Google Chrome Google Cloud governance GPON GPT grade grading grammar graph graphical user interface Group gs H h3 handling hardened hardware harm HashiCorp headers heap heap-based buffer overflow high Highlight hijacking hospital hosted hosting hostname HP HR http HTTP/2 HTTPS human hybrid Hyper Hyundai IAM IBM IBM Cloud ICO identifiers identity image impact implementation implications implicit in Inclusion information information disclosure information leak information technology infrastructure ingress injection injection attacks Injection vulnerability input validation insights installation installer installers Instance institutions Integer Underflow integrated management integration integrity Intel intelligence intent inter interaction interactions interface Interfaces intern internet internet access interoperability interpret inux io iOS IoT IPv6 Iron IRS issue ite J jack Java JavaScript JavaScript code Jax JetBrains job json JSON Web Token Just k kernel Key keys knowledge l language large lateral movement law leading learning least led Lee level level access Li library license life line Link Linux Linux Kernel Lite llama lm load Loader local local attacker local attackers local privilege escalation logging logic logistics logs long loop low M mac machine MacOS made Magic maintainers maintenance Malicious Actor malicious attack malicious code malicious data malicious intent malicious JavaScript malicious payload Malicious Use man management Management System managers manipulation markdown market matt max mcp measures media memory memory consumption memory corruption memory over memory usage Meta metadata Micro Microsoft Microsoft Windows mid middle middleware mini Mir mission mitigation ML mlc Mode model models ModI Monitor monitoring multi my N nation Naver NCA NetScaler NetScaler Gateway NetSupport network network access network firewall network services Networking networks neutral new news next nexus NFC Nginx NGO NIST Nix NLP no Node non non-root user Notation notes notifications npm NPU NSA Nvidia o observability observability platform OCR oE of off offline offs on one only ons oost open open-source open-source software operating system operation operations Operator opt options Oracle Orb organization organizations oriented ory oS oss other out output over ownership PAM parameter parental control Paris parsing party password requirements password reset passwords Patch patching path traversal path traversal vulnerability pattern matching pay pdf per performance permissions persistence phi phishing phishing attack Phishing Attacks physical access Pipeline pipelines platform platforms play plugin plugins point policy polling porting post Postgre Postgres PostgreSQL potential Power powered pre preparation privilege privilege escalation privileged access pro problem process processes processing product products professionals project project deployment projects prompt proof property protection protocol prototype proxy ps public Py Python Q quality quality control quantum queries question QUIC R R1 R2 rack rag rate Ray RCE RDP re react reading ready real real-time record recovery red Red Hat Red Hat Enterprise Linux Region Regions release releases remediation remediation strategies remote Remote Access remote attacker remote attackers Remote Code Execution remote command execution remote exploitation rendering report reporting repository representation Request Smuggling Requirements research resolution resource resource consumption resources response responsible restrictions retrieval return reuse review RFC right Risk Risk Assessment risks RMF Ro ROI Role Root root access Root Privileges RoT routers routing row RSA Rust s Sable safe sales sam sampling saving Scale schema SD search sec secrets sector secure secure storage security security and compliance security assessment security assessments security challenges security community security controls Security Flaw security mechanisms security posture security postures security professionals security proofs security suite security threat security threats security vulnerability Segment self selinux sensitive data sensitive files sensitive information sensitive information disclosure sequence serialization series server Server-Side Request Forgery servers service service architecture service availability service desk services session cookies session hijacking settings severity SHA Shadowserver Shadowserver Foundation shell commands short shot side Sig Signal Sim Simple single site request forgery site scripting size small Smuggling Snap snapshots SoC Socket software software installation solid solutions source source code source Platform source software Spark specific spoofing spreadsheet sql SQL Injection sqlite SRE SSE SSH SSL SSO stack Stack Overflow STAR start state Station storage stored strategies structured structured generation structures student information subnet subscription supply support support ticket SVG syntax synthetic syscall system system access system calls system compromise system integrity system operations system privileges system prompt systems T Tails takeover tamper tampering target targeted targeted attacks Task team tech technical techniques technologies technology ted telecom telecoms tenant terminal terminal emulator test text the theft threat threat model threats TikTok Time TLS to token tokens tool toolkit tools Tor TP TPM tracing tracker tracking traffic trained training transparency tree trial trie trust TSA turn twitter two type Ubiquiti UDP UI UK unauthenticated unauthorized access unauthorized data access under untrusted content up update updates upgrade upgrading ups US usage use user User Access user accounts user consent user control user credentials user data user interaction user interface Users uth utilization utils V V3 v6 val Valid Validation Valuation Vault vendor vents verification version vibe video video content ViewState Vim virtual virtual machine virtual servers Vision visualization vm VMware voice VPN vscode vulnerabilities vulnerability vulnerability information WAN Ware Watson Watsonx weaponization web web app web application web applications web interface web server web shell Web Tokens WebP website websocket Well Wi Wind Windows Windows security Windows system WordPress workflow workflows writing x X5 x86 XML XR XSS Yahoo YouTube yt z zero zone