US-CERT Vulnerability Summary for the Week of August 25, 2025
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1000projects–Online Project Report Submission and Evaluation System | A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-26 | 7.3 | CVE-2025-9444 |
8bitkid–Yahoo! WebPlayer | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 8bitkid Yahoo! WebPlayer allows Reflected XSS. This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. | 2025-08-28 | 7.1 | CVE-2025-53215 |
Aaron Axelsen–WPMU Ldap Authentication | Cross-Site Request Forgery (CSRF) vulnerability in Aaron Axelsen WPMU Ldap Authentication allows Stored XSS. This issue affects WPMU Ldap Authentication: from n/a through 5.0.1. | 2025-08-28 | 7.1 | CVE-2025-48343 |
add-ons.org–Drag and Drop File Upload for Elementor Forms | Unrestricted Upload of File with Dangerous Type vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Upload a Web Shell to a Web Server. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a through 1.5.3. | 2025-08-28 | 10 | CVE-2025-49387 |
Agiloft–Agiloft | Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30. | 2025-08-26 | 8.1 | CVE-2025-35115 |
Agiloft–Agiloft | Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and the credentials could be cracked offline. Users should upgrade to Agiloft Release 30. | 2025-08-26 | 7.5 | CVE-2025-35114 |
Ai3–QbiCRMGateway | The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | 2025-08-29 | 7.5 | CVE-2025-9639 |
Arista Networks–EOS | On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication. | 2025-08-25 | 7.5 | CVE-2025-6188 |
Assaf Parag–Poll, Survey & Quiz Maker Plugin by Opinion Stage | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Assaf Parag Poll, Survey & Quiz Maker Plugin by Opinion Stage allows PHP Local File Inclusion. This issue affects Poll, Survey & Quiz Maker Plugin by Opinion Stage: from n/a through 19.11.0. | 2025-08-28 | 7.5 | CVE-2025-53328 |
asterisk–asterisk | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn’t in a previous 401 response’s WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response being sent, the get_authorization_header() function in res_pjsip_authenticator_digest will return a NULL. This wasn’t being checked before attempting to get the digest algorithm from the header which causes a SEGV. This issue has been patched in versions 20.15.2, 21.10.2, and 22.5.2. There are no workarounds. | 2025-08-28 | 7.5 | CVE-2025-57767 |
bPlugins–Tiktok Feed | Missing Authorization vulnerability in bPlugins Tiktok Feed allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tiktok Feed: from n/a through 1.0.21. | 2025-08-28 | 7.1 | CVE-2025-54710 |
Campcodes–Advanced Online Voting System | A vulnerability was determined in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-30 | 7.3 | CVE-2025-9694 |
Campcodes–Farm Management System | A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /review.php. The manipulation of the argument pid results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | 2025-08-31 | 7.3 | CVE-2025-9726 |
Campcodes–Online Learning Management System | A security flaw has been discovered in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/login.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | 2025-08-31 | 7.3 | CVE-2025-9750 |
Campcodes–Online Learning Management System | A weakness has been identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /login.php. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-08-31 | 7.3 | CVE-2025-9751 |
Campcodes–Online Loan Management System | A weakness has been identified in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save_payment. Executing manipulation of the argument loan_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | 2025-08-27 | 7.3 | CVE-2025-9502 |
Campcodes–Online Loan Management System | A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | 2025-08-27 | 7.3 | CVE-2025-9503 |
Campcodes–Online Loan Management System | A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | 2025-08-27 | 7.3 | CVE-2025-9504 |
Campcodes–Online Loan Management System | A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | 2025-08-27 | 7.3 | CVE-2025-9505 |
Campcodes–Online Loan Management System | A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. | 2025-08-27 | 7.3 | CVE-2025-9506 |
Campcodes–Online Loan Management System | A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | 2025-08-29 | 7.3 | CVE-2025-9678 |
Campcodes–Online Loan Management System | A weakness has been identified in Campcodes Online Loan Management System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | 2025-08-31 | 7.3 | CVE-2025-9744 |
Campcodes–Online Shopping System | A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-30 | 7.3 | CVE-2025-9691 |
Campcodes–Online Shopping System | A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | 2025-08-30 | 7.3 | CVE-2025-9692 |
Campcodes–Online Water Billing System | A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | 2025-08-25 | 7.3 | CVE-2025-9423 |
Campcodes–Online Water Billing System | A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well. | 2025-08-26 | 7.3 | CVE-2025-9492 |
Campcodes–Online Water Billing System | A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | 2025-08-31 | 7.3 | CVE-2025-9739 |
Campcodes–Payroll Management System | A weakness has been identified in Campcodes Payroll Management System 1.0. The affected element is the function include of the file /index.php. This manipulation of the argument page causes file inclusion. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | 2025-08-27 | 7.3 | CVE-2025-9529 |
captcha.eu–Captcha.eu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in captcha.eu Captcha.eu allows Reflected XSS. This issue affects Captcha.eu: from n/a through n/a. | 2025-08-28 | 7.1 | CVE-2025-53579 |
Changing–Clinic Image System | Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code. | 2025-08-29 | 9.8 | CVE-2025-8857 |
Changing–Clinic Image System | Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | 2025-08-29 | 7.5 | CVE-2025-8858 |
Changing–TSA | TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents. | 2025-08-29 | 9.8 | CVE-2025-8861 |
Cisco–Cisco NX-OS Software | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause the unexpected restart of the IS-IS process, which could cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device. | 2025-08-27 | 7.4 | CVE-2025-20241 |
Cisco–Cisco Unified Computing System (Managed) | A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager. | 2025-08-27 | 7.1 | CVE-2025-20317 |
CocoBasic–Neresa | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CocoBasic Neresa allows PHP Local File Inclusion. This issue affects Neresa: from n/a through 1.3. | 2025-08-28 | 8.1 | CVE-2025-49383 |
code-projects–Human Resource Integrated System | A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Performing manipulation of the argument emp_id results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | 2025-08-31 | 7.3 | CVE-2025-9733 |
code-projects–Human Resource Integrated System | A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in sql injection. The attack may be performed remotely. The exploit has been made public and could be used. | 2025-08-31 | 7.3 | CVE-2025-9740 |
code-projects–Human Resource Integrated System | A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-31 | 7.3 | CVE-2025-9741 |
code-projects–Human Resource Integrated System | A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | 2025-08-31 | 7.3 | CVE-2025-9742 |
code-projects–Human Resource Integrated System | A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | 2025-08-31 | 7.3 | CVE-2025-9743 |
code-projects–Online Event Judging System | A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well. | 2025-08-29 | 7.3 | CVE-2025-9610 |
code-projects–Simple Grading System | A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. | 2025-08-29 | 7.3 | CVE-2025-9662 |
CodeYatri–Gutenify | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CodeYatri Gutenify allows PHP Local File Inclusion. This issue affects Gutenify: from n/a through 1.5.6. | 2025-08-28 | 7.5 | CVE-2025-53326 |
Consensys–gnark | gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication using the fake-GLV algorithm. This is because the algorithm didn’t converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0. | 2025-08-29 | 7.5 | CVE-2025-58157 |
cuckoohello–百度分享按钮 | Cross-Site Request Forgery (CSRF) vulnerability in cuckoohello 百度分享按钮 allows Stored XSS. This issue affects 百度分享按钮: from n/a through 1.0.6. | 2025-08-28 | 7.1 | CVE-2025-48320 |
dactum–Clickbank WordPress Plugin (Niche Storefront) | Cross-Site Request Forgery (CSRF) vulnerability in dactum Clickbank WordPress Plugin (Niche Storefront) allows Stored XSS. This issue affects Clickbank WordPress Plugin (Niche Storefront): from n/a through 1.3.5. | 2025-08-28 | 7.1 | CVE-2025-48353 |
Dell–ThinOS 10 | Dell ThinOS 10, versions prior to 2508_10.0127, contains a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | 2025-08-27 | 9.6 | CVE-2025-43728 |
Dell–ThinOS 10 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure. | 2025-08-27 | 8.4 | CVE-2025-43730 |
Dell–ThinOS 10 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | 2025-08-27 | 7.8 | CVE-2025-43729 |
Dell–ThinOS 10 | Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access. | 2025-08-27 | 7.8 | CVE-2025-43882 |
Delta Electronics–COMMGR | Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability. | 2025-08-26 | 8.6 | CVE-2025-53418 |
Delta Electronics–COMMGR | Delta Electronics COMMGR has Code Injection vulnerability. | 2025-08-26 | 7.8 | CVE-2025-53419 |
developers savyour–Savyour Affiliate Partner | Cross-Site Request Forgery (CSRF) vulnerability in developers savyour Savyour Affiliate Partner allows Stored XSS. This issue affects Savyour Affiliate Partner: from n/a through 2.1.4. | 2025-08-28 | 7.1 | CVE-2025-48306 |
Dmitry V. (CEO of “UKR Solution”)–UPC/EAN/GTIN Code Generator | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Dmitry V. (CEO of “UKR Solution”) UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. | 2025-08-28 | 7.7 | CVE-2025-53588 |
dyiosah–Ultimate twitter profile widget | Cross-Site Request Forgery (CSRF) vulnerability in dyiosah Ultimate twitter profile widget allows Stored XSS. This issue affects Ultimate twitter profile widget: from n/a through 1.0. | 2025-08-28 | 7.1 | CVE-2025-48321 |
Dylan James–Zephyr Project Manager | Missing Authorization vulnerability in Dylan James Zephyr Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zephyr Project Manager: from n/a through 3.3.201. | 2025-08-28 | 7.1 | CVE-2025-54714 |
eboekhouden–e-Boekhouden.nl | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eboekhouden e-Boekhouden.nl allows Reflected XSS. This issue affects e-Boekhouden.nl: from n/a through 1.9.3. | 2025-08-28 | 7.1 | CVE-2025-53225 |
emarket-design–Employee Directory Staff Listing & Team Directory Plugin for WordPress | Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through 4.5.3. | 2025-08-28 | 8.1 | CVE-2025-53243 |
emarket-design–Employee Spotlight | Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through 5.1.1. | 2025-08-28 | 8.1 | CVE-2025-53583 |
emarket-design–WP Easy Contact | Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact allows Object Injection. This issue affects WP Easy Contact: from n/a through 4.0.1. | 2025-08-28 | 8.1 | CVE-2025-53572 |
emarket-design–WP Ticket Customer Service Software & Support Ticket System | Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2. | 2025-08-28 | 8.1 | CVE-2025-53584 |
emarket-design–YouTube Showcase | Improper Control of Generation of Code (‘Code Injection’) vulnerability in emarket-design YouTube Showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through 3.5.1. | 2025-08-28 | 8.1 | CVE-2025-54731 |
enituretechnology–Small Package Quotes USPS Edition | Deserialization of Untrusted Data vulnerability in enituretechnology Small Package Quotes – USPS Edition allows Object Injection. This issue affects Small Package Quotes – USPS Edition: from n/a through 1.3.9. | 2025-08-27 | 7.2 | CVE-2025-58218 |
extendons–WooCommerce csv import export | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in extendons WooCommerce csv import export allows Path Traversal. This issue affects WooCommerce csv import export: from n/a through 2.0.6. | 2025-08-28 | 7.7 | CVE-2025-54029 |
extremeidea–bidorbuy Store Integrator | Improper Control of Generation of Code (‘Code Injection’) vulnerability in extremeidea bidorbuy Store Integrator allows Remote Code Inclusion. This issue affects bidorbuy Store Integrator: from n/a through 2.12.0. | 2025-08-28 | 9.1 | CVE-2025-48100 |
Favethemes–Houzez | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a before 4.1.4. | 2025-08-28 | 8.1 | CVE-2025-49405 |
favethemes–Houzez | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in favethemes Houzez allows Reflected XSS. This issue affects Houzez: from n/a through 4.1.1. | 2025-08-28 | 7.1 | CVE-2025-49407 |
Gary Illyes–Google XML News Sitemap plugin | Cross-Site Request Forgery (CSRF) vulnerability in Gary Illyes Google XML News Sitemap plugin allows Stored XSS. This issue affects Google XML News Sitemap plugin: from n/a through 0.02. | 2025-08-28 | 7.1 | CVE-2025-48304 |
gavias–Kipso | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in gavias Kipso allows PHP Local File Inclusion. This issue affects Kipso: from n/a through 1.3.4. | 2025-08-28 | 8.1 | CVE-2025-53578 |
GeroNikolov–Instant Breaking News | Cross-Site Request Forgery (CSRF) vulnerability in GeroNikolov Instant Breaking News allows Stored XSS. This issue affects Instant Breaking News: from n/a through 1.0. | 2025-08-27 | 7.1 | CVE-2025-58217 |
glpi-project–glpi | GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change the rules execution order. This issue has been patched in version 10.0.19. | 2025-08-27 | 7.5 | CVE-2025-53105 |
Hamid Alinia–Login with phone number | Missing Authorization vulnerability in Hamid Alinia Login with phone number. This issue affects Login with phone number: from n/a through 1.6.93. | 2025-08-31 | 9.8 | CVE-2024-32832 |
harness–harness | Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, the Open Source Harness git LFS server (Gitness) exposes an API to retrieve and upload files via git LFS. The implementation of the git LFS file upload API is vulnerable to arbitrary file write. Due to improper sanitization of the upload path, a malicious authenticated user who has access to the Harness Gitness server API can use a crafted upload request to write an arbitrary file to any location on the file system and may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0. | 2025-08-29 | 8.8 | CVE-2025-58158 |
HashiCorp–Vault | A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially causing the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25. | 2025-08-28 | 7.5 | CVE-2025-6203 |
Hikvision–HikCentral Professional | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. | 2025-08-29 | 8.6 | CVE-2025-39247 |
HKritesh009–Grocery List Management Web App | A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. | 2025-08-31 | 7.3 | CVE-2025-9749 |
honzat–Page Manager for Elementor | Missing Authorization vulnerability in honzat Page Manager for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page Manager for Elementor: from n/a through 2.0.5. | 2025-08-28 | 7.6 | CVE-2025-53230 |
IBM–Cognos Command Center | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to unsafe use of the BinaryFormatter function. | 2025-08-26 | 7.8 | CVE-2025-1994 |
IBM–Cognos Command Center | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | 2025-08-26 | 7.4 | CVE-2025-2697 |
IBM–Security Verify Governance Identity Manager | IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used in further attacks against the system. | 2025-08-28 | 7.5 | CVE-2025-36003 |
IBM–watsonx Orchestrate Cartridge for IBM Cloud Pak for Data | IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | 2025-08-30 | 7.6 | CVE-2025-0165 |
ImageMagick–ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | 2025-08-26 | 7.5 | CVE-2025-55298 |
ImageMagick–ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick’s 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | 2025-08-26 | 7.5 | CVE-2025-57803 |
ISC–Kea | If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0. | 2025-08-27 | 7.5 | CVE-2025-40779 |
itsourcecode–Apartment Management System | A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | 2025-08-25 | 7.3 | CVE-2025-9418 |
itsourcecode–Apartment Management System | A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. | 2025-08-25 | 7.3 | CVE-2025-9419 |
itsourcecode–Apartment Management System | A flaw has been found in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. | 2025-08-25 | 7.3 | CVE-2025-9420 |
itsourcecode–Apartment Management System | A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-25 | 7.3 | CVE-2025-9421 |
itsourcecode–Apartment Management System | A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | 2025-08-26 | 7.3 | CVE-2025-9468 |
itsourcecode–Apartment Management System | A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | 2025-08-26 | 7.3 | CVE-2025-9469 |
itsourcecode–Apartment Management System | A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | 2025-08-26 | 7.3 | CVE-2025-9470 |
itsourcecode–Apartment Management System | A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | 2025-08-26 | 7.3 | CVE-2025-9471 |
itsourcecode–Apartment Management System | A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. | 2025-08-26 | 7.3 | CVE-2025-9472 |
itsourcecode–Apartment Management System | A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | 2025-08-27 | 7.3 | CVE-2025-9507 |
itsourcecode–Apartment Management System | A vulnerability was detected in itsourcecode Apartment Management System 1.0. The impacted element is an unknown function of the file /report/rented_info.php. The manipulation of the argument rsid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | 2025-08-27 | 7.3 | CVE-2025-9508 |
itsourcecode–Apartment Management System | A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fair_info_all.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | 2025-08-27 | 7.3 | CVE-2025-9509 |
itsourcecode–Apartment Management System | A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | 2025-08-27 | 7.3 | CVE-2025-9510 |
itsourcecode–Apartment Management System | A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | 2025-08-27 | 7.3 | CVE-2025-9511 |
itsourcecode–Apartment Management System | A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | 2025-08-28 | 7.3 | CVE-2025-9592 |
itsourcecode–Apartment Management System | A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | 2025-08-28 | 7.3 | CVE-2025-9593 |
itsourcecode–Apartment Management System | A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complain_info.php. The manipulation of the argument vid leads to sql injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. | 2025-08-28 | 7.3 | CVE-2025-9594 |
itsourcecode–Apartment Management System | A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | 2025-08-29 | 7.3 | CVE-2025-9597 |
itsourcecode–Apartment Management System | A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Performing manipulation of the argument txtXYear results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | 2025-08-29 | 7.3 | CVE-2025-9598 |
itsourcecode–Apartment Management System | A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | 2025-08-29 | 7.3 | CVE-2025-9599 |
itsourcecode–Apartment Management System | A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | 2025-08-29 | 7.3 | CVE-2025-9600 |
itsourcecode–Apartment Management System | A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | 2025-08-29 | 7.3 | CVE-2025-9601 |
itsourcecode–Apartment Management System | A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | 2025-08-29 | 7.3 | CVE-2025-9643 |
itsourcecode–Apartment Management System | A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-29 | 7.3 | CVE-2025-9644 |
itsourcecode–Apartment Management System | A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | 2025-08-29 | 7.3 | CVE-2025-9645 |
itsourcecode–Apartment Management System | A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument user_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | 2025-08-31 | 7.3 | CVE-2025-9730 |
itsourcecode–Online Tour and Travel Management System | A security flaw has been discovered in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /enquiry.php. Performing manipulation of the argument pid results in sql injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. | 2025-08-25 | 7.3 | CVE-2025-9425 |
itsourcecode–Online Tour and Travel Management System | A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited. | 2025-08-25 | 7.3 | CVE-2025-9426 |
itsourcecode–Sports Management System | A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-28 | 7.3 | CVE-2025-9596 |
itsourcecode–Student Information System | A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | 2025-08-30 | 7.3 | CVE-2025-9679 |
Jason–Theme Blvd Widget Areas | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0. | 2025-08-28 | 7.1 | CVE-2025-53289 |
JetBrains–IDE Services | In JetBrains IDE Services before 2025.5.0.1086, 2025.4.2.2164, users without appropriate permissions could assign a high-privileged role to themselves. | 2025-08-28 | 8.1 | CVE-2025-58334 |
Jinher–OA | A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | 2025-08-29 | 7.3 | CVE-2025-9669 |
kamleshyadav–Miraculous Core Plugin | Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin allows Privilege Escalation. This issue affects Miraculous Core Plugin: from n/a through 2.0.7. | 2025-08-28 | 9.8 | CVE-2025-49388 |
kasonzhao–SEO For Images | Cross-Site Request Forgery (CSRF) vulnerability in kasonzhao SEO For Images allows Stored XSS. This issue affects SEO For Images: from n/a through 1.0.0. | 2025-08-28 | 7.1 | CVE-2025-48307 |
Koen Schuit–NextGEN Gallery Search | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12. | 2025-08-28 | 7.1 | CVE-2025-53224 |
LabRedesCefetRJ–WeGIA | WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11. | 2025-08-29 | 10 | CVE-2025-58159 |
langflow-ai–langflow | Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time. | 2025-08-25 | 8.8 | CVE-2025-57760 |
Linksys–E1700 | A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-27 | 8.8 | CVE-2025-9525 |
Linksys–E1700 | A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-27 | 8.8 | CVE-2025-9526 |
Linksys–E1700 | A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-27 | 8.8 | CVE-2025-9527 |
Linksys–RE6250 | A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-26 | 8.8 | CVE-2025-9481 |
Linksys–RE6250 | A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-26 | 8.8 | CVE-2025-9482 |
Linksys–RE6250 | A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-26 | 8.8 | CVE-2025-9483 |
magepeopleteam–WpEvently | Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8. | 2025-08-28 | 8.8 | CVE-2025-54742 |
manfcarlo–WP Funnel Manager | Deserialization of Untrusted Data vulnerability in manfcarlo WP Funnel Manager allows Object Injection. This issue affects WP Funnel Manager: from n/a through 1.4.0. | 2025-08-28 | 9.8 | CVE-2025-52761 |
Mojoomla–School Management | Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server. This issue affects School Management: from n/a through 1.93.1 (02-07-2025). | 2025-08-31 | 9.9 | CVE-2025-31100 |
nonletter–Newsletter subscription optin module | Cross-Site Request Forgery (CSRF) vulnerability in nonletter Newsletter subscription optin module allows Stored XSS. This issue affects Newsletter subscription optin module: from n/a through 1.2.9. | 2025-08-28 | 7.1 | CVE-2025-48308 |
NooTheme–Jobmonster | Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9. | 2025-08-28 | 9.8 | CVE-2025-54738 |
NVIDIA–NeMo Framework | NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-26 | 7.8 | CVE-2025-23312 |
NVIDIA–NeMo Framework | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-26 | 7.8 | CVE-2025-23313 |
NVIDIA–NeMo Framework | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-26 | 7.8 | CVE-2025-23314 |
NVIDIA–NeMo Framework | NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-26 | 7.8 | CVE-2025-23315 |
NVIDIA–NVIDIA NeMo Curator | NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-26 | 7.8 | CVE-2025-23307 |
OffClicks–Invisible Optin | Cross-Site Request Forgery (CSRF) vulnerability in OffClicks Invisible Optin allows Stored XSS. This issue affects Invisible Optin: from n/a through 1.0. | 2025-08-28 | 7.1 | CVE-2025-48311 |
ovatheme–Ireca | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5. | 2025-08-28 | 8.1 | CVE-2025-54716 |
ovatheme–Ovatheme Events | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ovatheme Ovatheme Events allows PHP Local File Inclusion. This issue affects Ovatheme Events: from n/a through 1.2.8. | 2025-08-28 | 8.1 | CVE-2025-53576 |
ovatheme.com–Event List | The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user’s capabilities prior to updating their profile in the el_update_profile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their capabilities to those of an administrator. | 2025-08-26 | 8.8 | CVE-2025-6366 |
Paymenter–Paymenter | Paymenter is a free and open-source webshop solution for hostings. Prior to version 1.2.11, the ticket attachments functionality in Paymenter allows a malicious authenticated user to upload arbitrary files. This could result in sensitive data extraction from the database, credentials being read from configuration files, and arbitrary system commands being run under the web server user context. This vulnerability was patched by commit 87c3db4 and was released under the version 1.2.11 tag without any other code modifications compared to version 1.2.10. If upgrading is not immediately possible, administrators can mitigate this vulnerability with one or more of the following measures: updating nginx config to download attachments instead of executing them or disallowing access to /storage/ fully using a WAF such as Cloudflare. | 2025-08-28 | 10 | CVE-2025-58048 |
pbmacintyre–RingCentral Communications Plugin FREE | The RingCentral Communications plugin for WordPress is vulnerable to Authentication Bypass due to improper validation within the ringcentral_admin_login_2fa_verify() function in versions 1.5 to 1.6.8. This makes it possible for unauthenticated attackers to log in as any user simply by supplying identical bogus codes. | 2025-08-28 | 9.8 | CVE-2025-7955 |
PHPGurukul–Online Course Registration | A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. The attack can be carried out remotely. The exploit is now public and may be used. | 2025-08-31 | 7.3 | CVE-2025-9729 |
pierrelannoy–Vibes | The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-08-26 | 7.5 | CVE-2025-9172 |
plone–volto | Volto is a React-based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, configure your setup to automatically restart processes that quit with an error. | 2025-08-28 | 7.5 | CVE-2025-58047 |
pluggabl–Booster for WooCommerce PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘add_files_to_order’ function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site’s server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present. | 2025-08-29 | 8.1 | CVE-2024-13342 |
PluginsPoint–Kento Splash Screen | Cross-Site Request Forgery (CSRF) vulnerability in PluginsPoint Kento Splash Screen allows Stored XSS. This issue affects Kento Splash Screen: from n/a through 1.4. | 2025-08-28 | 7.1 | CVE-2025-48351 |
purethemes–Listeo-Core | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in purethemes Listeo-Core allows SQL Injection. This issue affects Listeo-Core: from n/a through 1.9.32. | 2025-08-28 | 8.5 | CVE-2025-49404 |
RACOM–M!DGE2 | A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid. | 2025-08-26 | 7.2 | CVE-2025-36729 |
Red Hat–Red Hat Enterprise Linux 10 | A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. Two of the parameters this handler receives are the file descriptor list and an index specifying the file that should back the loop device. The function itself validates the index value to ensure it isn’t bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users. | 2025-08-28 | 8.5 | CVE-2025-8067 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-32468 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-35984 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-46407 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-50129 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-52456 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-52930 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-53085 |
SAIL Image Decoding Library–SAIL Image Decoding Library | A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | 2025-08-25 | 8.8 | CVE-2025-53510 |
Securden–Unified PAM | An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM. | 2025-08-25 | 9.8 | CVE-2025-53118 |
Securden–Unified PAM | A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server. | 2025-08-25 | 9.4 | CVE-2025-53120 |
Securden–Unified PAM | An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server. | 2025-08-25 | 7.5 | CVE-2025-53119 |
Securden–Unified PAM | Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions. | 2025-08-25 | 7.2 | CVE-2025-6737 |
shmish111–WP Admin Theme | Cross-Site Request Forgery (CSRF) vulnerability in shmish111 WP Admin Theme allows Stored XSS. This issue affects WP Admin Theme: from n/a through 1.0. | 2025-08-28 | 7.1 | CVE-2025-48325 |
Solwin–Blog Designer PRO | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | 2025-08-31 | 8.1 | CVE-2025-47696 |
SourceCodester–Bakeshop Online Ordering System | A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack can be carried out remotely. The exploit has been made public and could be used. | 2025-08-29 | 7.3 | CVE-2025-9660 |
SourceCodester–Human Resource Information System | A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the argument employee_file201 causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | 2025-08-26 | 7.3 | CVE-2025-9475 |
SourceCodester–Human Resource Information System | A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the argument employee_file201 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-26 | 7.3 | CVE-2025-9476 |
SourceCodester–Online Bank Management System | A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | 2025-08-26 | 7.3 | CVE-2025-9473 |
SourceCodester–Online Book Store | A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | 2025-08-30 | 7.3 | CVE-2025-9700 |
SourceCodester–Online Polling System Code | A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in sql injection. The attack may be performed from a remote location. The exploit is now public and may be used. | 2025-08-30 | 7.3 | CVE-2025-9699 |
SourceCodester–Simple Cafe Billing System | A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-30 | 7.3 | CVE-2025-9701 |
SourceCodester–Simple Cafe Billing System | A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /sales_report.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | 2025-08-30 | 7.3 | CVE-2025-9702 |
SourceCodester–Water Billing System | A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | 2025-08-30 | 7.3 | CVE-2025-9704 |
SourceCodester–Water Billing System | A weakness has been identified in SourceCodester Water Billing System 1.0. Affected is an unknown function of the file /paybill.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | 2025-08-30 | 7.3 | CVE-2025-9705 |
SourceCodester–Water Billing System | A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | 2025-08-30 | 7.3 | CVE-2025-9706 |
SteelThemes–Nest Addons | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3. | 2025-08-28 | 9.3 | CVE-2025-54720 |
Tenda–AC1206 | A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | 2025-08-27 | 9.8 | CVE-2025-9523 |
Tenda–AC21 | A security vulnerability has been detected in Tenda AC21 and AC23 16.03.08.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. Such manipulation of the argument mac leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | 2025-08-29 | 9.8 | CVE-2025-9605 |
Tenda–CH22 | A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | 2025-08-26 | 8.8 | CVE-2025-9443 |
Tenda–CH22 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected by this issue is the function fromIpsecitem of the file /goform/IPSECsave of the component httpd. Executing manipulation of the argument ipsecno can lead to stack-based buffer overflow. The attack may be performed remotely. | 2025-08-31 | 8.8 | CVE-2025-9748 |
thaihavnn07–ATT YouTube Widget | Cross-Site Request Forgery (CSRF) vulnerability in thaihavnn07 ATT YouTube Widget allows Stored XSS. This issue affects ATT YouTube Widget: from n/a through 1.0. | 2025-08-28 | 7.1 | CVE-2025-48359 |
The Biosig Project–libbiosig | A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-48005 |
The Biosig Project–libbiosig | An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-52581 |
The Biosig Project–libbiosig | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-53511 |
The Biosig Project–libbiosig | An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-53518 |
The Biosig Project–libbiosig | A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-53557 |
The Biosig Project–libbiosig | A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-53853 |
The Biosig Project–libbiosig | A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 9.8 | CVE-2025-54462 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0: `if (tag==0) { if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len); curPos += ifread(buf,1,len,hdr); }` | 2025-08-25 | 9.8 | CVE-2025-54480 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3: `else if (tag==3) { // character code char v[17]; // [1] if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len); curPos += ifread(&v,1,len,hdr); v[len] = 0;` In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path. | 2025-08-25 | 9.8 | CVE-2025-54481 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4: `else if (tag==4) { // SPR if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54482 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5: `else if (tag==5) //0x05: number of channels { uint16_t oldNS=hdr->NS; if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54483 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8779 of biosig.c on the current master branch (35a819fa), when the Tag is 6: `else if (tag==6) // 0x06 "number of sequences" { // NRec if (len>4) fprintf(stderr,"Warning MFER tag6 incorrect length %i>4\n",len); curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54484 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8785 of biosig.c on the current master branch (35a819fa), when the Tag is 8: `else if (tag==8) { if (len>2) fprintf(stderr,"Warning MFER tag8 incorrect length %i>2\n",len); curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54485 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8824 of biosig.c on the current master branch (35a819fa), when the Tag is 11: `else if (tag==11) //0x0B { // Fs if (len>6) fprintf(stderr,"Warning MFER tag11 incorrect length %i>6\n",len); double fval; curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54486 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8842 of biosig.c on the current master branch (35a819fa), when the Tag is 12: `else if (tag==12) //0x0C { // sampling resolution if (len>6) fprintf(stderr,"Warning MFER tag12 incorrect length %i>6\n",len); val32 = 0; int8_t v8; curPos += ifread(&UnitCode,1,1,hdr); curPos += ifread(&v8,1,1,hdr); curPos += ifread(buf,1,len-2,hdr);` In addition to values of `len` greater than 130 triggering a buffer overflow, a value of `len` smaller than 2 will also trigger a buffer overflow due to an integer underflow when computing `len-2` in this code path. | 2025-08-25 | 9.8 | CVE-2025-54487 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8850 of biosig.c on the current master branch (35a819fa), when the Tag is 13: `else if (tag==13) { if (len>8) fprintf(stderr,"Warning MFER tag13 incorrect length %i>8\n",len); curPos += ifread(&buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54488 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63: `else if (tag==63) { uint8_t tag2=255, len2=255; count = 0; while ((count<len) && !(FlagInfiniteLength && len2==0 && tag2==0)){ curPos += ifread(&tag2,1,1,hdr); curPos += ifread(&len2,1,1,hdr); if (VERBOSE_LEVEL==9) fprintf(stdout,"MFER: tag=%3i chan=%2i len=%-4i tag2=%3i len2=%3i curPos=%i %li count=%4i\n",tag,chan,len,tag2,len2,curPos,iftell(hdr),(int)count); if (FlagInfiniteLength && len2==0 && tag2==0) break; count += (2+len2); curPos += ifread(&buf,1,len2,hdr);` Here, the number of bytes read is not the Data Length decoded from the current frame in the file (`len`) but rather is a new length contained in a single octet read from the same input file (`len2`). Despite this, a stack-based buffer overflow condition can still occur, as the destination buffer is still `buf`, which has a size of only 128 bytes, while `len2` can be as large as 255. | 2025-08-25 | 9.8 | CVE-2025-54489 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64: `else if (tag==64) //0x40 { // preamble char tmp[256]; // [1] curPos += ifread(tmp,1,len,hdr);` In this case, the overflowed buffer is the newly-declared `tmp` \[1\] instead of `buf`. While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256. | 2025-08-25 | 9.8 | CVE-2025-54490 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9191 of biosig.c on the current master branch (35a819fa), when the Tag is 65: `else if (tag==65) //0x41: patient event { // event table curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54491 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67: `else if (tag==67) //0x43: Sample skew { int skew=0; // [1] curPos += ifread(&skew, 1, len,hdr);` In this case, the address of the newly-defined integer `skew` \[1\] is overflowed instead of `buf`. This means a stack overflow can occur using much smaller values of `len` in this code path. | 2025-08-25 | 9.8 | CVE-2025-54492 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9184 of biosig.c on the current master branch (35a819fa), when the Tag is 131: `else if (tag==131) //0x83 { // Patient Age if (len!=7) fprintf(stderr,"Warning MFER tag131 incorrect length %i!=7\n",len); curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54493 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability manifests on line 9205 of biosig.c on the current master branch (35a819fa), when the Tag is 133: `else if (tag==133) //0x85 { curPos += ifread(buf,1,len,hdr);` | 2025-08-25 | 9.8 | CVE-2025-54494 |
The Biosig Project–libbiosig | A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 8.1 | CVE-2025-46411 |
The Biosig Project–libbiosig | An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | 2025-08-25 | 8.2 | CVE-2025-52461 |
ThemeUniver–Glamer | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeUniver Glamer allows PHP Local File Inclusion. This issue affects Glamer: from n/a through 1.0.2. | 2025-08-28 | 8.1 | CVE-2025-53216 |
TieLabs–Jannah | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in TieLabs Jannah allows PHP Local File Inclusion. This issue affects Jannah: from n/a through 7.4.1. | 2025-08-28 | 8.1 | CVE-2025-53334 |
TOTOLINK–T10 | A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-27 | 7.3 | CVE-2025-9533 |
UkrSolution–Barcode Scanner with Inventory & Order Manager | Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | 2025-08-31 | 7.1 | CVE-2024-32589 |
undoIT–Theme Switcher Reloaded | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in undoIT Theme Switcher Reloaded allows Reflected XSS. This issue affects Theme Switcher Reloaded: from n/a through 1.1. | 2025-08-28 | 7.1 | CVE-2025-53223 |
Unfoldwp–Magazine | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Unfoldwp Magazine allows PHP Local File Inclusion. This issue affects Magazine: from n/a through 1.2.2. | 2025-08-28 | 8.1 | CVE-2025-53248 |
Unfoldwp–Magazine Elite | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Unfoldwp Magazine Elite allows PHP Local File Inclusion. This issue affects Magazine Elite: from n/a through 1.2.4. | 2025-08-28 | 8.1 | CVE-2025-53244 |
Unfoldwp–Magazine Saga | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Unfoldwp Magazine Saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through 1.2.7. | 2025-08-28 | 8.1 | CVE-2025-53227 |
uxper–Golo | Authentication Bypass Using an Alternate Path or Channel vulnerability in uxper Golo allows Authentication Abuse. This issue affects Golo: from n/a through 1.7.0. | 2025-08-28 | 9.8 | CVE-2025-54725 |
uxper–Golo | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1. | 2025-08-28 | 7.1 | CVE-2025-54724 |
valtimo-platform–valtimo-backend-libraries | Valtimo is a platform for Business Process Automation. In versions before 12.16.0.RELEASE, and from 13.0.0.RELEASE to before 13.1.2.RELEASE, any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to: running executables on the application host, inspecting and extracting data from the host environment or application properties, spring beans (application context, database pooling). The following conditions have to be met in order to perform this attack: the user must be logged in, have the admin role, and must have some knowledge about running scripts via the Camunda/Operator engine. Version 12.16.0 and 13.1.2 have been patched. It is strongly advised to upgrade. If no scripting is needed in any of the processes, it could be possible to disable it altogether via the ProcessEngineConfiguration. However, this workaround could lead to unexpected side-effects. | 2025-08-28 | 9.1 | CVE-2025-58059 |
videowhisper–Video Share VOD Turnkey Video Site Builder Script | The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrect nonce validation on the adminExport() function. This makes it possible for unauthenticated attackers to update settings and execute remote code when the Server command execution setting is enabled via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-28 | 8.8 | CVE-2025-7812 |
WBW–WooBeWoo Product Filter Pro | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection. This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6. | 2025-08-28 | 9.3 | CVE-2025-39496 |
web-able–BetPress | Cross-Site Request Forgery (CSRF) vulnerability in web-able BetPress allows Stored XSS. This issue affects BetPress: from n/a through 1.0.1 Lite. | 2025-08-28 | 7.1 | CVE-2025-48309 |
wedevs–Dokan Pro | The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user’s identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors. | 2025-08-26 | 8.8 | CVE-2025-5931 |
Welotec–EG400Mk2-D11001-000101 | The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and bypass authentication/authorization due to the use of a hard-coded cryptographic key. | 2025-08-26 | 9.8 | CVE-2025-41702 |
WPInterface–BlogMarks | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in WPInterface BlogMarks allows PHP Local File Inclusion. This issue affects BlogMarks: from n/a through 1.0.8. | 2025-08-28 | 8.1 | CVE-2025-53247 |
xagio–Xagio SEO AI Powered SEO | The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract sensitive data from backups which can include the entire database and site’s files. | 2025-08-28 | 7.5 | CVE-2024-13807 |
Xavier Media–XM-Backup | Cross-Site Request Forgery (CSRF) vulnerability in Xavier Media XM-Backup allows Stored XSS. This issue affects XM-Backup: from n/a through 0.9.1. | 2025-08-28 | 7.1 | CVE-2025-48109 |
XmasB–XmasB Quotes | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in XmasB XmasB Quotes allows Reflected XSS. This issue affects XmasB Quotes: from n/a through 1.6.1. | 2025-08-28 | 7.1 | CVE-2025-53220 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1000projects–Online Project Report Submission and Evaluation System | A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-26 | 4.3 | CVE-2025-9434 |
1000projects–Online Project Report Submission and Evaluation System | A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | 2025-08-26 | 4.3 | CVE-2025-9438 |
1000projects–Online Project Report Submission and Evaluation System | A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack can be carried out remotely. The exploit has been made available to the public and could be exploited. | 2025-08-26 | 4.3 | CVE-2025-9439 |
1000projects–Online Project Report Submission and Evaluation System | A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be performed from a remote location. The exploit has been disclosed publicly and may be used. | 2025-08-26 | 4.3 | CVE-2025-9440 |
AA-Team–Pro Bulk Watermark Plugin for WordPress | Path Traversal: ‘.../...//’ vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0. | 2025-08-30 | 4.3 | CVE-2025-4956 |
add-ons.org–PDF for Elementor Forms + Drag And Drop Template Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder allows Stored XSS. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 6.2.0. | 2025-08-27 | 6.5 | CVE-2025-58208 |
AfterShip & Automizely–AfterShip Tracking | Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AfterShip Tracking: from n/a through 1.17.17. | 2025-08-27 | 5.3 | CVE-2025-58201 |
Agiloft–Agiloft | Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially crafted payload. Users should upgrade to Agiloft Release 31. | 2025-08-26 | 5.9 | CVE-2025-35113 |
Agiloft–Agiloft | Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows ‘import/export’, allowing an authenticated attacker to import the template file and perform path traversal on the local system files. Users should upgrade to Agiloft Release 31. | 2025-08-26 | 4.1 | CVE-2025-35112 |
AiondaDotCom–mcp-ssh | A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve this issue. The patch is named cd2566a948b696501abfa6c6b03462cac5fb43d8. It is advisable to upgrade the affected component. | 2025-08-29 | 6.3 | CVE-2025-9654 |
Akamai–AkamaiGhost | Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin server violates certain Internet standards. | 2025-08-29 | 4 | CVE-2025-54142 |
alexvtn–Chatbox Manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in alexvtn Chatbox Manager allows Stored XSS. This issue affects Chatbox Manager: from n/a through 1.2.6. | 2025-08-27 | 6.5 | CVE-2025-58211 |
ameliabooking–Booking System Trafft | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ameliabooking Booking System Trafft allows Stored XSS. This issue affects Booking System Trafft: from n/a through 1.0.14. | 2025-08-27 | 6.5 | CVE-2025-58213 |
Ashan Perera–LifePress | Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | 2025-08-28 | 5.4 | CVE-2025-53337 |
asterisk–asterisk | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. | 2025-08-28 | 6.5 | CVE-2025-54995 |
aurelienlws–LWSCache | The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins. | 2025-08-29 | 4.3 | CVE-2025-8147 |
Backup Bolt–Backup Bolt | Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery. This issue affects Backup Bolt: from n/a through 1.4.1. | 2025-08-27 | 4.3 | CVE-2025-49040 |
basecamp–google_sign_in | Basecamp’s Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the “same origin” check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a session cookie may be vulnerable, if this can be chained with an attack that allows injection of arbitrary data into the session cookie. This issue has been patched in version 1.3.0. If upgrading is not possible at this time, the chained attack can be mitigated by explicitly setting SameSite=Lax or SameSite=Strict on the application session cookie. | 2025-08-27 | 4.2 | CVE-2025-57821 |
basecamp–google_sign_in | Basecamp’s Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the “proceed_to” value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library or the calling application. However, it may be possible to set this session value from a malicious site with a form submission. Any Rails applications using the google_sign_in gem may be vulnerable, if this vector can be chained with another attack that is able to modify the OAuth2 request parameters. This issue has been patched in version 1.3.1. There are no workarounds. | 2025-08-29 | 4.2 | CVE-2025-58067 |
boldthemes–Bold Page Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in boldthemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through 5.4.3. | 2025-08-27 | 6.5 | CVE-2025-58194 |
bPlugins–B Slider | Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. | 2025-08-28 | 5.8 | CVE-2025-54734 |
briancolinger–Ultimate Tag Warrior Importer | The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-29 | 4.3 | CVE-2025-9374 |
chaimchaikin–Admin Menu Groups | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through 0.1.2. | 2025-08-27 | 5.9 | CVE-2025-49035 |
chandrashekharsahu–Site Offline | Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Offline: from n/a through 1.5.7. | 2025-08-28 | 4.3 | CVE-2025-48348 |
Chartbeat–Chartbeat | Server-Side Request Forgery (SSRF) vulnerability in Chartbeat Chartbeat allows Server Side Request Forgery. This issue affects Chartbeat: from n/a through 2.0.7. | 2025-08-28 | 6.4 | CVE-2025-53250 |
Cisco–Cisco Data Center Network Manager | A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. | 2025-08-27 | 5.4 | CVE-2025-20347 |
Cisco–Cisco Nexus Dashboard | A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerability is due to insufficient validation of the contents of a backup file. An attacker with valid Administrator credentials could exploit this vulnerability by restoring a crafted backup file to an affected device. A successful exploit could allow the attacker to gain root privileges on the underlying shell on the affected device. | 2025-08-27 | 6.5 | CVE-2025-20344 |
Cisco–Cisco Nexus Dashboard | A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit this vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device. | 2025-08-27 | 5 | CVE-2025-20348 |
Cisco–Cisco NX-OS Software | A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes. | 2025-08-27 | 5 | CVE-2025-20262 |
Cisco–Cisco NX-OS Software | A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cisco UCS 6500 Series Fabric Interconnects, and Cisco UCS 9108 100G Fabric Interconnects could allow an authenticated, local attacker access to sensitive information. This vulnerability is due to improper logging of sensitive information. An attacker could exploit this vulnerability by accessing log files on the file system where they are stored. A successful exploit could allow the attacker to access sensitive information, such as stored credentials. | 2025-08-27 | 5.5 | CVE-2025-20290 |
Cisco–Cisco NX-OS Software | A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by entering crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to read and write files on the underlying operating system with the privileges of a non-root user account. File system access is limited to the permissions that are granted to that non-root user account. | 2025-08-27 | 4.4 | CVE-2025-20292 |
Cisco–Cisco Unified Computing System (Managed) | Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command injection attacks on an affected system and elevate privileges to root. These vulnerabilities are due to insufficient input validation of command arguments supplied by the user. An attacker could exploit these vulnerabilities by authenticating to a device and submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of the affected device with root-level privileges. | 2025-08-27 | 6.5 | CVE-2025-20294 |
Cisco–Cisco Unified Computing System (Managed) | A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system of the underlying operating system of an affected device, including system files. This vulnerability is due to insufficient input validation of command arguments supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to read or create a file or overwrite any file on the file system of the underlying operating system of the affected device, including system files. To exploit this vulnerability, the attacker must have valid administrative credentials on the affected device. | 2025-08-27 | 6 | CVE-2025-20295 |
Cisco–Cisco Unified Computing System (Managed) | A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device. Note: The affected vKVM client is also included in Cisco UCS Manager. | 2025-08-27 | 5.4 | CVE-2025-20342 |
code-projects–Simple Grading System | A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /edit_account.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | 2025-08-29 | 6.3 | CVE-2025-9663 |
code-projects–Simple Grading System | A security flaw has been discovered in code-projects Simple Grading System 1.0. Affected is an unknown function of the file /add_student_grade.php of the component Admin Panel. The manipulation of the argument Add results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | 2025-08-29 | 6.3 | CVE-2025-9664 |
code-projects–Simple Grading System | A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-08-29 | 6.3 | CVE-2025-9665 |
code-projects–Simple Grading System | A security vulnerability has been detected in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin Panel. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | 2025-08-29 | 6.3 | CVE-2025-9666 |
code-projects–Simple Grading System | A vulnerability was detected in code-projects Simple Grading System 1.0. This affects an unknown part of the file /delete_account.php of the component Admin Panel. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | 2025-08-29 | 6.3 | CVE-2025-9667 |
code-projects–Student Information Management System | A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. The attack may be performed from a remote location. The exploit has been made public and could be used. | 2025-08-28 | 4.3 | CVE-2025-9595 |
Comfast–CF-N1 | A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. | 2025-08-28 | 6.3 | CVE-2025-9581 |
Comfast–CF-N1 | A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. | 2025-08-28 | 6.3 | CVE-2025-9582 |
Comfast–CF-N1 | A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | 2025-08-28 | 6.3 | CVE-2025-9583 |
Comfast–CF-N1 | A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | 2025-08-28 | 6.3 | CVE-2025-9584 |
Comfast–CF-N1 | A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-28 | 6.3 | CVE-2025-9585 |
Comfast–CF-N1 | A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. | 2025-08-28 | 6.3 | CVE-2025-9586 |
contao–contao | Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search. | 2025-08-28 | 5.3 | CVE-2025-57756 |
contao–contao | Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page. | 2025-08-28 | 5.3 | CVE-2025-57757 |
contao–contao | Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn’t check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally checking USER_CAN_ACCESS_MODULE. | 2025-08-28 | 4.3 | CVE-2025-57758 |
contao–contao | Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds. | 2025-08-28 | 4.3 | CVE-2025-57759 |
D-Link–DI-500WF | A security vulnerability has been detected in D-Link DI-500WF 14.04.10A1T. The impacted element is an unknown function of the file /version_upgrade.asp of the component jhttpd. The manipulation of the argument path leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | 2025-08-31 | 4.7 | CVE-2025-9745 |
D-Link–DIR-816L | A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-31 | 6.3 | CVE-2025-9727 |
Delta Electronics–EIP Builder | Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability. | 2025-08-26 | 5.5 | CVE-2025-57704 |
diyhi–bbs | A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | 2025-08-26 | 4.3 | CVE-2025-9461 |
E4 Sistemas–Mercatus ERP | A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9619 |
Elastic–Kibana | Incorrect authorization in Kibana can lead to privilege escalation via the built-in reporting_user role which incorrectly has the ability to access all Kibana Spaces. | 2025-08-28 | 6.5 | CVE-2025-25010 |
Element Invader–ElementInvader Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Element Invader ElementInvader Addons for Elementor allows DOM-Based XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.6. | 2025-08-27 | 6.5 | CVE-2025-58205 |
Enalean–tuleap | Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition versions before 16.10.99.1754050155 and Tuleap Enterprise Edition versions before 16.9-8 and before 16.10-5, an attacker can access the content of the special and always-there fields of accessible artifacts even if the permissions associated with the underlying fields do not allow it. This issue has been fixed in Tuleap Community Edition version 16.10.99.1754050155 and Tuleap Enterprise Edition versions 16.9-8 and 16.10-5. | 2025-08-29 | 5.3 | CVE-2025-54877 |
epeken–Epeken All Kurir | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in epeken Epeken All Kurir allows DOM-Based XSS. This issue affects Epeken All Kurir: from n/a through 2.0.1. | 2025-08-27 | 6.5 | CVE-2025-58212 |
Eric Teubert–Podlove Podcast Publisher | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Eric Teubert Podlove Podcast Publisher allows Phishing. This issue affects Podlove Podcast Publisher: from n/a through 4.2.5. | 2025-08-27 | 4.7 | CVE-2025-58204 |
everythingwp–Risk Free Cash On Delivery (COD) – WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce allows Stored XSS. This issue affects Risk Free Cash On Delivery (COD) – WooCommerce: from n/a through 1.0.4. | 2025-08-28 | 5.9 | CVE-2025-48358 |
Facebook–WhatsApp Desktop for Mac | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. | 2025-08-29 | 5.4 | CVE-2025-55177 |
favethemes–Houzez CRM | Missing Authorization vulnerability in favethemes Houzez CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Houzez CRM: from n/a through 1.4.7. | 2025-08-28 | 6.5 | CVE-2025-49402 |
Finn Dohrn–Statify Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Finn Dohrn Statify Widget allows Stored XSS. This issue affects Statify Widget: from n/a through 1.4.6. | 2025-08-28 | 6.5 | CVE-2025-48322 |
firecrawl–firecrawl | Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl’s webhook functionality. Authenticated users could configure a webhook to an internal URL and send POST requests with arbitrary headers, which may have allowed access to internal systems. This has been fixed in version 2.0.1. If upgrading is not possible, it is recommended to isolate Firecrawl from any sensitive internal systems. | 2025-08-26 | 6.3 | CVE-2025-57818 |
GalleryVault–Gallery Vault App | A vulnerability was identified in GalleryVault Gallery Vault App up to 4.5.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | 2025-08-30 | 5.3 | CVE-2025-9695 |
garbowza–OSM Map Widget for Elementor | The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-29 | 6.4 | CVE-2025-8619 |
GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. | 2025-08-27 | 6.5 | CVE-2025-3601 |
GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. | 2025-08-27 | 5.8 | CVE-2025-2246 |
GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests. | 2025-08-27 | 5.3 | CVE-2025-4225 |
GitLab–GitLab | An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports. | 2025-08-27 | 5 | CVE-2025-5101 |
gitpod-io–gitpod | Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment when clicked by an authenticated user. This resulted from how Bitbucket returned tokens and how Gitpod handled the redirect flow. The issue was limited to Bitbucket (GitHub and GitLab integrations were not affected), required user interaction, and has been mitigated through redirect handling and OAuth logic hardening. The issue was resolved in main-gha.33628 and later. There are no workarounds. | 2025-08-29 | 6.5 | CVE-2025-55750 |
givanz–Vvveb | A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is bbd4c42c66ab818142240348173a669d1d2537fe. Applying a patch is advised to resolve this issue. | 2025-08-31 | 4.3 | CVE-2025-9728 |
gslauraspeck–Mesa Mesa Reservation Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gslauraspeck Mesa Mesa Reservation Widget allows Stored XSS. This issue affects Mesa Mesa Reservation Widget: from n/a through 1.0.0. | 2025-08-28 | 5.9 | CVE-2025-48319 |
HCL Software–AIML Solutions for SX | AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information. | 2025-08-28 | 5.1 | CVE-2025-31971 |
HCL Software–BigFix Service Management (SM) | HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | 2025-08-28 | 6.5 | CVE-2025-31972 |
HCL Software–BigFix Service Management (SM) | HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions. | 2025-08-28 | 5.3 | CVE-2025-31977 |
HCL Software–BigFix Service Management (SM) | A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms. | 2025-08-28 | 5.4 | CVE-2025-31979 |
Hikvision–HikCentral FocSign | There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-29 | 5.3 | CVE-2025-39246 |
Hikvision–HikCentral Master Lite | There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data. | 2025-08-29 | 4.7 | CVE-2025-39245 |
HuangDou–UTCMS | A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 4.7 | CVE-2025-9402 |
iatspaymentsdev–iATS Online Forms | The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-08-29 | 6.5 | CVE-2025-9441 |
IBM–Cognos Command Center | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. | 2025-08-26 | 6.1 | CVE-2025-1494 |
IBM–Watson Studio on Cloud Pak for Data | IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-08-28 | 5.4 | CVE-2024-49790 |
imaprogrammer–Custom Comment | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in imaprogrammer Custom Comment allows Stored XSS. This issue affects Custom Comment: from n/a through 2.1.6. | 2025-08-28 | 5.9 | CVE-2025-48365 |
inkthemes–WP Mailgun SMTP | Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7. | 2025-08-28 | 5.3 | CVE-2025-48327 |
Isra–Kanpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Isra Kanpress allows Stored XSS. This issue affects Kanpress: from n/a through 1.1. | 2025-08-28 | 6.5 | CVE-2025-48356 |
ItayXD–Responsive Mobile-Friendly Tooltip | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ItayXD Responsive Mobile-Friendly Tooltip allows Stored XSS. This issue affects Responsive Mobile-Friendly Tooltip: from n/a through 1.6.6. | 2025-08-28 | 6.5 | CVE-2025-48316 |
itsourcecode–Apartment Management System | A weakness has been identified in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. | 2025-08-25 | 6.3 | CVE-2025-9417 |
JetBrains–Junie | In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50, information disclosure was possible via the search_project function. | 2025-08-28 | 5.5 | CVE-2025-58335 |
jgwhite33–WP Thumbtack Review Slider | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6. | 2025-08-27 | 5.9 | CVE-2025-58216 |
justinbusa–Beaver Builder WordPress Page Builder | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘fl_builder’ parameter in all versions up to, and including, 2.9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-08-28 | 6.1 | CVE-2025-8897 |
Kakao–Hey Kakao App | A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9673 |
kalcaddle–kodbox | A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing manipulation of the argument url results in server-side request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 4.7 | CVE-2025-9414 |
kevin heath–Tripadvisor Shortcode | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in kevin heath Tripadvisor Shortcode allows Stored XSS. This issue affects Tripadvisor Shortcode: from n/a through 2.2. | 2025-08-28 | 5.9 | CVE-2025-48313 |
Kevin Langley Jr.–Post Type Converter | Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley Jr. Post Type Converter allows Cross-Site Request Forgery. This issue affects Post Type Converter: from n/a through 0.6. | 2025-08-25 | 4.3 | CVE-2025-48303 |
kevinweber–Lazy Load for Videos | The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The plugin’s JavaScript registration handlers read the client‑supplied ‘data-video-title’ and ‘href’ attributes, decode HTML entities by default, and pass them directly into DOM sinks without any escaping or validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-27 | 6.4 | CVE-2025-7732 |
khashabawy–tli.tl auto Twitter poster | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in khashabawy tli.tl auto Twitter poster allows Stored XSS. This issue affects tli.tl auto Twitter poster: from n/a through 3.4. | 2025-08-28 | 5.9 | CVE-2025-48324 |
Kubernetes–Kubernetes | A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. | 2025-08-27 | 6.7 | CVE-2025-5187 |
LB-LINK–BL-X26 | A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 6.3 | CVE-2025-9579 |
LB-LINK–BL-X26 | A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 6.3 | CVE-2025-9580 |
Linksys–E1700 | A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-27 | 4.7 | CVE-2025-9528 |
Linksys–RE6250 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 6.3 | CVE-2025-9575 |
LiquidThemes–AI Hub – Startup & Technology WordPress Theme | Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquid_reset_wordpress_before AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate all of a site’s plugins. While we escalated this to Envato after not being able to establish contact, it appears the developer added a nonce check, however that is not sufficient protection as the nonce is exposed to all users with access to the dashboard. | 2025-08-28 | 4.3 | CVE-2025-0951 |
lostvip-com–ruoyi-go | A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 6.3 | CVE-2025-9410 |
lostvip-com–ruoyi-go | A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 6.3 | CVE-2025-9411 |
lostvip-com–ruoyi-go | A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 6.3 | CVE-2025-9412 |
lostvip-com–ruoyi-go | A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 6.3 | CVE-2025-9413 |
lostvip-com–ruoyi-go | A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 4.3 | CVE-2025-9409 |
Md Abunaser Khan–Advance Food Menu | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Md Abunaser Khan Advance Food Menu allows Stored XSS. This issue affects Advance Food Menu: from n/a through 1.0. | 2025-08-28 | 5.9 | CVE-2025-48323 |
Metin Saraç–Popup for CF7 with Sweet Alert | Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5. | 2025-08-28 | 4.3 | CVE-2025-48363 |
mibuthu–Link View | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mibuthu Link View allows Stored XSS. This issue affects Link View: from n/a through 0.8.0. | 2025-08-28 | 6.5 | CVE-2025-48110 |
mibuthu–Link View | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mibuthu Link View allows Stored XSS. This issue affects Link View: from n/a through 0.8.0. | 2025-08-27 | 5.9 | CVE-2025-49039 |
Mihomo–Party | A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. | 2025-08-26 | 4.5 | CVE-2025-9474 |
Miles–All Bootstrap Blocks | Missing Authorization vulnerability in Miles All Bootstrap Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects All Bootstrap Blocks: from n/a through 1.3.28. | 2025-08-28 | 6.5 | CVE-2025-54733 |
milmor–Amministrazione Trasparente | The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-08-31 | 5.5 | CVE-2025-5083 |
Mitsubishi Electric Corporation–MELSEC iQ-F Series FX5U-32MT/ES | Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and prevent legitimate users from utilizing the web server function, by sending a specially crafted HTTP request. | 2025-08-25 | 5.3 | CVE-2025-5514 |
mixmark-io–turndown | A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | 2025-08-29 | 5.3 | CVE-2025-9670 |
Modo–Legend of the Phoenix | A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9677 |
Mojoomla–School Management | Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects School Management: from n/a through 93.2.0. | 2025-08-26 | 6.5 | CVE-2025-48108 |
mra13 / Team Tips and Tricks HQ–Simple Download Monitor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in mra13 / Team Tips and Tricks HQ Simple Download Monitor allows Stored XSS. This issue affects Simple Download Monitor: from n/a through 3.9.34. | 2025-08-27 | 6.5 | CVE-2025-58197 |
mra13–Simple Download Monitor | The Simple Download Monitor plugin for WordPress is vulnerable to time-based SQL Injection via the order parameter in all versions up to, and including, 3.9.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-08-28 | 6.5 | CVE-2025-8977 |
mtons–mblog | A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used. | 2025-08-26 | 4.3 | CVE-2025-9431 |
mtons–mblog | A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-26 | 4.3 | CVE-2025-9432 |
mtons–mblog | A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. | 2025-08-26 | 4.3 | CVE-2025-9433 |
mtons–mblog | A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-08-29 | 4.3 | CVE-2025-9647 |
n/a–DCMTK | A vulnerability was identified in DCMTK up to 3.6.9. This affects an unknown function in the library dcmimage/include/dcmtk/dcmimage/diybrpxt.h of the component dcm2img. Such manipulation leads to memory corruption. Local access is required to approach this attack. The name of the patch is 7ad81d69b. It is best practice to apply a patch to resolve this issue. | 2025-08-31 | 5.3 | CVE-2025-9732 |
n/a–GreenCMS | A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack can be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-25 | 6.3 | CVE-2025-9415 |
n/a–Koillection | A vulnerability has been found in Koillection up to 1.6.18. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 9ab8562d3f1e953da93fed63f9ee802c7ea26a9a. It is suggested to upgrade the affected component. The vendor explains: “I ended up switching to a newer CSRF handling using stateless token.” | 2025-08-31 | 4.3 | CVE-2025-9747 |
n/a–Mupen64Plus | A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch. | 2025-08-30 | 5 | CVE-2025-9688 |
n/a–Open5GS | A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue. | 2025-08-25 | 5.3 | CVE-2025-9405 |
n/a–Rejseplanen App | A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9672 |
n/a–Voice Changer App | A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. | 2025-08-29 | 5.3 | CVE-2025-9675 |
NCSOFT–Universe App | A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9676 |
Neuralabz LTD–AutoWP | Missing Authorization vulnerability in Neuralabz LTD AutoWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AutoWP: from n/a through 2.2.2. | 2025-08-28 | 4.3 | CVE-2025-48350 |
nicheaddons–Events Addon for Elementor | The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-29 | 6.4 | CVE-2025-8150 |
Nozomi Networks–CMC | An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data. | 2025-08-26 | 4.3 | CVE-2025-1501 |
oceanwp–Ocean Extra | The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-30 | 6.4 | CVE-2025-9499 |
openebs–rawfile-localpv | OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The rawfile-localpv storage class creates persistent volume data under /var/csi/rawfile/ on Kubernetes hosts by default. However, the directory and data in it are world-readable. It allows non-privileged users to access the whole persistent volume data, and those can include sensitive information such as a whole database if the Kubernetes tenants are running MySQL or PostgreSQL in a container so it could lead to a database breach. This issue has been patched in version 0.10.0. | 2025-08-28 | 5.5 | CVE-2025-58061 |
origincode–Video Gallery Vimeo and YouTube Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in origincode Video Gallery – Vimeo and YouTube Gallery allows Stored XSS. This issue affects Video Gallery – Vimeo and YouTube Gallery: from n/a through 1.1.7. | 2025-08-28 | 6.5 | CVE-2025-48349 |
pendulum-project–ntpd-rs | ntpd-rs is a tool for synchronizing your computer’s clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive, servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible. | 2025-08-29 | 5.3 | CVE-2025-58066 |
peterhebert–Custom Query Shortcode | The Custom Query Shortcode plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.4.0 via the ‘lens’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of files on the server, which can contain sensitive information. | 2025-08-25 | 6.5 | CVE-2025-8562 |
PHPGurukul–Directory Management System | A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | 2025-08-29 | 4.3 | CVE-2025-9656 |
plugincy–Dynamic AJAX Product Filters for WooCommerce | The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-28 | 6.4 | CVE-2025-6255 |
plugincy–Dynamic AJAX Product Filters for WooCommerce | The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-28 | 6.4 | CVE-2025-8073 |
Plugins and Snippets–Simple Page Access Restriction | Cross-Site Request Forgery (CSRF) vulnerability in Plugins and Snippets Simple Page Access Restriction allows Cross Site Request Forgery. This issue affects Simple Page Access Restriction: from n/a through 1.0.32. | 2025-08-27 | 4.3 | CVE-2025-58202 |
Portabilis–i-Educar | A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/agenda.php of the component Agenda Module. Performing manipulation of the argument cod_agenda results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-27 | 6.3 | CVE-2025-9531 |
Portabilis–i-Educar | A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-27 | 6.3 | CVE-2025-9532 |
Portabilis–i-Educar | A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Performing manipulation of the argument cod_agenda results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | 2025-08-29 | 6.3 | CVE-2025-9606 |
Portabilis–i-Educar | A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | 2025-08-29 | 6.3 | CVE-2025-9607 |
Portabilis–i-Educar | A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | 2025-08-29 | 6.3 | CVE-2025-9608 |
Portabilis–i-Educar | A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used. | 2025-08-29 | 6.3 | CVE-2025-9609 |
Portabilis–i-Educar | A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | 2025-08-30 | 6.3 | CVE-2025-9684 |
Portabilis–i-Educar | A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | 2025-08-30 | 6.3 | CVE-2025-9685 |
Portabilis–i-Educar | A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. The attack can be carried out remotely. The exploit has been released to the public and may be exploited. | 2025-08-30 | 6.3 | CVE-2025-9686 |
Portabilis–i-Educar | A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited. | 2025-08-30 | 6.3 | CVE-2025-9687 |
Printeers–Printeers Print & Ship | Path Traversal: ‘.../...//’ vulnerability in Printeers Printeers Print & Ship allows Path Traversal. This issue affects Printeers Print & Ship: from n/a through 1.17.0. | 2025-08-27 | 5.3 | CVE-2025-48081 |
pronamic–Pronamic Google Maps | The Pronamic Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the description field in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-28 | 5.4 | CVE-2025-9352 |
Razvan Stanga–Varnish/Nginx Proxy Caching | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching allows Stored XSS. This issue affects Varnish/Nginx Proxy Caching: from n/a through 1.8.3. | 2025-08-28 | 5.9 | CVE-2025-48360 |
Revolution Slider–Slider Revolution | The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the ‘used_svg’ and ‘used_images’ parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-08-29 | 6.5 | CVE-2025-9217 |
rtCamp–Transcoder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in rtCamp Transcoder allows Stored XSS. This issue affects Transcoder: from n/a through 1.4.0. | 2025-08-27 | 6.5 | CVE-2025-58209 |
Ruijie–WS7204-A | A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 4.7 | CVE-2025-9424 |
Saeed Sattar Beglou–Hesabfa Accounting | Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | 2025-08-28 | 5.3 | CVE-2025-48361 |
Saeed Sattar Beglou–Hesabfa Accounting | Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | 2025-08-28 | 5.4 | CVE-2025-48362 |
salubrio–Add Code To Head | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in salubrio Add Code To Head allows Stored XSS. This issue affects Add Code To Head: from n/a through 1.17. | 2025-08-28 | 5.9 | CVE-2025-48314 |
servmask–All-in-One WP Migration and Backup | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-08-26 | 4.4 | CVE-2025-8490 |
shafhasan–chatbox | A vulnerability was found in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. The attack may be performed from a remote location. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | 2025-08-29 | 6.3 | CVE-2025-9651 |
shen2–多说社会化评论框 | Cross-Site Request Forgery (CSRF) vulnerability in shen2 多说社会化评论框 allows Cross Site Request Forgery. This issue affects 多说社会化评论框: from n/a through 1.2. | 2025-08-28 | 4.3 | CVE-2025-48318 |
sitesearch-yandex–Yandex Site search pinger | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in sitesearch-yandex Yandex Site search pinger allows Stored XSS. This issue affects Yandex Site search pinger: from n/a through 1.5. | 2025-08-28 | 5.9 | CVE-2025-48352 |
SMA–Boy 3.0 | An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices. | 2025-08-27 | 6.5 | CVE-2021-4459 |
sminozzi–Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to an insufficient capability check on the ‘stopbadbots_check_wordpress_logged_in_cookie’ function in all versions up to, and including, 11.58. This makes it possible for unauthenticated attackers to bypass blocklists, rate limits, and other plugin functionality. | 2025-08-28 | 6.5 | CVE-2025-9376 |
softaculous–SiteSEO SEO Simplified | The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-26 | 6.4 | CVE-2025-9277 |
softdiscover–File Manager, Code Editor, and Backup by Managefy | The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. | 2025-08-28 | 4.9 | CVE-2025-9345 |
solacewp–Solace Extra | Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.2. | 2025-08-27 | 4.4 | CVE-2025-58203 |
Solidigm–D7-PS1010/D7-PS1030 | Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service. | 2025-08-28 | 4.4 | CVE-2025-9195 |
SourceCodester–Advanced School Management System | A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. | 2025-08-30 | 6.3 | CVE-2025-9689 |
SourceCodester–Advanced School Management System | A flaw has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | 2025-08-30 | 6.3 | CVE-2025-9690 |
stanton119–WordPress HTML | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in stanton119 WordPress HTML allows Stored XSS. This issue affects WordPress HTML: from n/a through 0.51. | 2025-08-28 | 6.5 | CVE-2025-48315 |
stiofansisland–UsersWP Front-end login form, User Registration, User Profile & Members Directory plugin for WP | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘uwp_profile’ and ‘uwp_profile_header’ shortcodes in all versions up to, and including, 1.2.42 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-28 | 6.4 | CVE-2025-9344 |
Synology–RADIUS Server | Improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability in Synology RADIUS Server allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors. | 2025-08-29 | 5.9 | CVE-2024-13987 |
TeamViewer–Full Client | Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior to version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during directory verification. | 2025-08-26 | 6.1 | CVE-2025-44002 |
Telesquare–TLR-2005KSH | A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 6.3 | CVE-2025-9603 |
The-Scratch-Channel–the-scratch-channel.github.io | The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account’s username locally. This issue has been patched in version 1.1. | 2025-08-25 | 6.7 | CVE-2025-55301 |
Theme Century–Century ToolKit | Cross-Site Request Forgery (CSRF) vulnerability in Theme Century Century ToolKit allows Cross Site Request Forgery. This issue affects Century ToolKit: from n/a through 1.2.1. | 2025-08-28 | 5.4 | CVE-2025-48357 |
themefic–Tourfic Ultimate Travel Booking, Hotel Booking & Car Rental WordPress Plugin \| WooCommerce Booking | The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions in all versions up to, and including, 2.14.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively. | 2025-08-26 | 4.3 | CVE-2024-8860 |
tobiasbg–TablePress Tables in WordPress made easy | The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-30 | 6.4 | CVE-2025-9500 |
Transbyte–Scooper News App | A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9674 |
traPtitech–traQ | traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an SQL error by methods such as placing a high load on the database. This could allow an attacker who has the authority to view the log files to illicitly acquire the recorded sensitive information. This vulnerability has been patched in version 3.25.0. If upgrading is not possible, a temporary workaround involves reviewing access permissions for SQL error logs and strictly limiting access to prevent unauthorized users from viewing them. | 2025-08-26 | 5.9 | CVE-2025-57813 |
UAB–Paytend App | A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-29 | 5.3 | CVE-2025-9671 |
uicore–UiCore Elements | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in uicore UiCore Elements allows Stored XSS. This issue affects UiCore Elements: from n/a through 1.3.4. | 2025-08-27 | 6.5 | CVE-2025-58196 |
ulikunitz–xz | xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. According to the specification, the LZMA header doesn’t include a magic number or a checksum to detect such an issue. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14. | 2025-08-28 | 5.3 | CVE-2025-58058 |
Uncanny Owl–Uncanny Automator | Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator: from n/a through 6.7.0.1. | 2025-08-27 | 4.3 | CVE-2025-58193 |
unitecms–Unlimited Elements For Elementor | The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.148 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-28 | 6.4 | CVE-2025-8603 |
ValvePress–WordPress Automatic Plugin | The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update campaigns and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-26 | 4.7 | CVE-2025-6247 |
vEnCa-X–rajce | Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through 0.4.2. | 2025-08-28 | 4.9 | CVE-2025-48364 |
vercel–next.js | Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled. | 2025-08-29 | 6.2 | CVE-2025-57752 |
vercel–next.js | Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. This vulnerability has been fixed in Next.js versions 14.2.32 and 15.4.7. All users implementing custom middleware logic in self-hosted environments are strongly encouraged to upgrade and verify correct usage of the next() function. | 2025-08-29 | 6.5 | CVE-2025-57822 |
vercel–next.js | Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. | 2025-08-29 | 4.3 | CVE-2025-55173 |
vikingjs–Goal Tracker for Patreon | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in vikingjs Goal Tracker for Patreon allows Stored XSS. This issue affects Goal Tracker for Patreon: from n/a through 0.4.6. | 2025-08-28 | 5.9 | CVE-2025-48305 |
Vincent Mimoun-Prat–bxSlider integration for WordPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vincent Mimoun-Prat bxSlider integration for WordPress allows Stored XSS. This issue affects bxSlider integration for WordPress: from n/a through 1.7.2. | 2025-08-28 | 6.5 | CVE-2025-48347 |
weblineindia–List Subpages | The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-29 | 6.4 | CVE-2025-8290 |
WP Chinese Translation–WPAvatar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 文派翻译(WP Chinese Translation) WPAvatar allows Stored XSS. This issue affects WPAvatar: from n/a through 1.9.3. | 2025-08-28 | 6.5 | CVE-2025-48312 |
WP Smart Widgets–Better Post & Filter Widgets for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WP Smart Widgets Better Post & Filter Widgets for Elementor allows Stored XSS. This issue affects Better Post & Filter Widgets for Elementor: from n/a through 1.6.0. | 2025-08-28 | 6.5 | CVE-2025-48354 |
WP Ulike–WP ULike Pro | The WP ULike Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the WP_Ulike_Pro_File_Uploader class in all versions up to, and including, 1.9.3. This makes it possible for unauthenticated attackers to upload limited arbitrary files like .php2, .php6, .php7, .phps, .pht, .phtm, .pgif, .shtml, .phar, .inc, .hphp, .ctp, .module, .html, .svg on the affected site’s server which may make other attacks like Cross-Site Scripting possible. Only versions up to 1.8.7 were confirmed vulnerable, however, the earliest tested version for a patch we have access to is 1.9.4, so we are considering 1.9.4 the patched version. | 2025-08-28 | 6.1 | CVE-2024-9648 |
wpdevelop–Booking Calendar | The Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 10.14.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-28 | 6.4 | CVE-2025-9346 |
wpdreams–Ajax Search Lite Live Search & Filter | The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows. | 2025-08-28 | 5.3 | CVE-2025-7956 |
wpdreams–Related Posts Lite | The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-30 | 4.3 | CVE-2025-9618 |
wptableeditor–Table Editor | Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4. | 2025-08-28 | 4.3 | CVE-2025-48310 |
Xinhu–RockOA | A vulnerability was found in Xinhu RockOA up to 2.6.9. Impacted is the function publicsaveAjax of the file /index.php. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | 2025-08-29 | 6.3 | CVE-2025-9602 |
Xpro–Xpro Elementor Addons | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Xpro Xpro Elementor Addons allows Stored XSS. This issue affects Xpro Elementor Addons: from n/a through 1.4.17. | 2025-08-27 | 6.5 | CVE-2025-58195 |
Xpro–Xpro Theme Builder | Missing Authorization vulnerability in Xpro Xpro Theme Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Xpro Theme Builder: from n/a through 1.2.9. | 2025-08-27 | 6.5 | CVE-2025-58198 |
xuhuisheng–lemon | A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | 2025-08-25 | 6.3 | CVE-2025-9406 |
xwiki–xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn’t store passwords in plain text, and it shouldn’t be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1. | 2025-08-28 | 5.8 | CVE-2025-58049 |
Xylus Themes–WP Bulk Delete | Missing Authorization vulnerability in Xylus Themes WP Bulk Delete allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Bulk Delete: from n/a through 1.3.6. | 2025-08-27 | 4.3 | CVE-2025-58192 |
yeqifu–carRental | A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery. | 2025-08-29 | 5.4 | CVE-2025-9650 |
YiFang–CMS | A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 6.3 | CVE-2025-9399 |
YiFang–CMS | A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 6.3 | CVE-2025-9400 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
appneta–tcpreplay | A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: “Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3.” | 2025-08-29 | 3.3 | CVE-2025-9649 |
Arista Networks–EOS | On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships. | 2025-08-25 | 3.8 | CVE-2025-3456 |
Campcodes–Hospital Management System | A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | 2025-08-31 | 2.4 | CVE-2025-9746 |
Cudy–LT500E | A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack’s complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. Upgrading to version 2.3.13 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: “[T]he firmware does store a default password of ‘admin’. This password has been deprecated since LT500E firmware version 2.3.13 and is no longer used. The LT500E does not have an administrator password set by default; a new password (at least 8 characters) must be manually created upon first login the web management page.” | 2025-08-31 | 2.5 | CVE-2025-9725 |
Cudy–WR1200EA | A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is associated with this attack. The exploitability is said to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 2.5 | CVE-2025-9589 |
editso–fuso | A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. | 2025-08-27 | 3.7 | CVE-2025-9513 |
HuangDou–UTCMS | A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-25 | 3.7 | CVE-2025-9401 |
ImageMagick–ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (“:”) to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. This issue has been patched in versions 6.9.13-28 and 7.1.2-2. | 2025-08-26 | 3.7 | CVE-2025-55212 |
jqlang–jq | A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Other versions might be affected as well. | 2025-08-25 | 3.3 | CVE-2025-9403 |
macrozheng–mall | A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be difficult. The vendor deleted the GitHub issue for this vulnerability without an explanation. | 2025-08-27 | 3.7 | CVE-2025-9514 |
mtons–mblog | A flaw has been found in mtons mblog up to 3.5.0. Affected by this vulnerability is an unknown functionality of the file /settings/profile. Executing manipulation of the argument signature can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. Other parameters might be affected as well. | 2025-08-25 | 3.5 | CVE-2025-9407 |
mtons–mblog | A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | 2025-08-25 | 3.5 | CVE-2025-9429 |
mtons–mblog | A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. | 2025-08-26 | 2.4 | CVE-2025-9430 |
n/a–coze-studio | A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): “For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt.” | 2025-08-29 | 3.7 | CVE-2025-9604 |
n/a–O2OA | A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-29 | 3.5 | CVE-2025-9646 |
n/a–O2OA | A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched remotely. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-29 | 3.5 | CVE-2025-9655 |
n/a–O2OA | A vulnerability was detected in O2OA up to 10.0-410. This issue affects some unknown processing of the file /x_program_center/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-29 | 3.5 | CVE-2025-9657 |
n/a–O2OA | A flaw has been found in O2OA up to 10.0-410. Impacted is an unknown function of the file /x_portal_assemble_designer/jaxrs/dict/ of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-29 | 3.5 | CVE-2025-9658 |
n/a–O2OA | A vulnerability has been found in O2OA up to 10.0-410. The affected element is an unknown function of the file /x_portal_assemble_designer/jaxrs/widget of the component Personal Profile Page. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-29 | 3.5 | CVE-2025-9659 |
n/a–O2OA | A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-30 | 3.5 | CVE-2025-9680 |
n/a–O2OA | A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-30 | 3.5 | CVE-2025-9681 |
n/a–O2OA | A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-30 | 3.5 | CVE-2025-9682 |
n/a–O2OA | A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-30 | 3.5 | CVE-2025-9683 |
n/a–O2OA | A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site scripting. The attack can be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9715 |
n/a–O2OA | A vulnerability was determined in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_processplatform_assemble_designer/jaxrs/form of the component Personal Profile Page. This manipulation of the argument name/alias/description causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9716 |
n/a–O2OA | A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. | 2025-08-31 | 3.5 | CVE-2025-9717 |
n/a–O2OA | A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9718 |
n/a–O2OA | A weakness has been identified in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_processplatform_assemble_designer/jaxrs/script of the component Personal Profile Page. Executing manipulation of the argument name/alias/description/applicationName can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | 2025-08-31 | 3.5 | CVE-2025-9719 |
n/a–O2OA | A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /x_query_assemble_designer/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9734 |
n/a–O2OA | A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9735 |
n/a–O2OA | A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9736 |
n/a–O2OA | A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): “This issue will be fixed in the new version.” | 2025-08-31 | 3.5 | CVE-2025-9737 |
n/a–Scada-LTS | A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | 2025-08-25 | 2.4 | CVE-2025-9404 |
n/a–ZrLog | A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 2.4 | CVE-2025-9591 |
nofusscomputing–centurion_erp | Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed token. This does not include any un-hashed authentication token as viewable. This issue has been patched in version 1.21.0. A workaround for this is not deemed viable as it would involve disabling token authentication. Users are encouraged to remove any authentication token that was created by one of the affected versions of Centurion ERP. Webmasters can ensure this occurs by removing all authentication tokens from the database. | 2025-08-29 | 1.9 | CVE-2025-58156 |
oitcode–samarium | A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from a remote location. The exploit has been released to the public and may be exploited. | 2025-08-25 | 2.4 | CVE-2025-9416 |
oitcode–samarium | A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. | 2025-08-25 | 2.4 | CVE-2025-9422 |
Portabilis–i-Educar | A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-29 | 3.5 | CVE-2025-9652 |
Portabilis–i-Educar | A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | 2025-08-29 | 3.5 | CVE-2025-9653 |
Portabilis–i-Educar | A vulnerability was detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/TabelaArredondamento/edit of the component Cadastrar tabela de arredondamento Page. The manipulation of the argument Nome results in cross site scripting. The attack may be performed from a remote location. The exploit is now public and may be used. | 2025-08-31 | 3.5 | CVE-2025-9720 |
Portabilis–i-Educar | A flaw has been found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/FormulaMedia/edit. This manipulation of the argument nome/formulaMedia causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. | 2025-08-31 | 3.5 | CVE-2025-9721 |
Portabilis–i-Educar | A vulnerability has been found in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_tipo_ocorrencia_disciplinar_cad.php. Such manipulation of the argument nm_tipo/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-31 | 3.5 | CVE-2025-9722 |
Portabilis–i-Educar | A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_regime_cad.php. Performing manipulation of the argument nm_tipo results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. | 2025-08-31 | 3.5 | CVE-2025-9723 |
Portabilis–i-Educar | A vulnerability was determined in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /intranet/educar_nivel_ensino_cad.php. Executing manipulation of the argument nm_nivel/descricao can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2025-08-31 | 3.5 | CVE-2025-9724 |
Portabilis–i-Educar | A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. | 2025-08-31 | 3.5 | CVE-2025-9738 |
seeedstudio–ReSpeaker | A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 2.5 | CVE-2025-9576 |
Tenda–AC9 | A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack’s complexity is rated as high. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. | 2025-08-31 | 2.5 | CVE-2025-9731 |
TOTOLINK–X2000R | A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. | 2025-08-28 | 2.5 | CVE-2025-9577 |
Weaver–E-Mobile Mobile Management Platform | A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-28 | 3.5 | CVE-2025-9590 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/file” petition, “creator” and “license_holder” parameters. | 2025-08-29 | not yet calculated | CVE-2025-40702 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/group” petition, “name” and “alias-0” parameters. | 2025-08-29 | not yet calculated | CVE-2025-40703 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/edition” petition, “name” parameter. | 2025-08-29 | not yet calculated | CVE-2025-40704 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/acquisition” petition, “name” parameter. | 2025-08-29 | not yet calculated | CVE-2025-40705 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/source” petition, “name” parameter. | 2025-08-29 | not yet calculated | CVE-2025-40706 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/place” petition, “name” and “alias-0” parameters. | 2025-08-29 | not yet calculated | CVE-2025-40707 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/event” petition, “name” parameter. | 2025-08-29 | not yet calculated | CVE-2025-40708 |
ACDH-CH–OpenAtlas | Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the “/insert/person/<ID>” petition, “name” and “alias-0” parameters. | 2025-08-29 | not yet calculated | CVE-2025-40709 |
Acronis–Acronis Cyber Protect Cloud Agent | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296. | 2025-08-28 | not yet calculated | CVE-2025-48963 |
Acronis–Acronis Cyber Protect Cloud Agent | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | 2025-08-28 | not yet calculated | CVE-2025-9578 |
activePDF–WebGrabber | activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings. | 2025-08-30 | not yet calculated | CVE-2008-20001 |
airlinklabs–daemon | Airlink’s Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1. | 2025-08-25 | not yet calculated | CVE-2025-57802 |
alextselegidis–Easy!Appointments | alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter. | 2025-08-25 | not yet calculated | CVE-2025-50383 |
Apache Friends–XAMPP | A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3’s default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server. | 2025-08-30 | not yet calculated | CVE-2012-10062 |
Apache Software Foundation–Apache Cassandra | Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015. | 2025-08-25 | not yet calculated | CVE-2025-26467 |
Apple–macOS | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. | 2025-08-29 | not yet calculated | CVE-2024-44271 |
Apple–macOS | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. | 2025-08-29 | not yet calculated | CVE-2024-54554 |
Apple–macOS | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination. | 2025-08-29 | not yet calculated | CVE-2024-54568 |
Apple–macOS | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute arbitrary code. | 2025-08-29 | not yet calculated | CVE-2025-43187 |
Apple–macOS | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Sequoia 15.6, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination. | 2025-08-29 | not yet calculated | CVE-2025-43255 |
Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | 2025-08-29 | not yet calculated | CVE-2025-43268 |
Apple–macOS | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to cause unexpected system termination. | 2025-08-29 | not yet calculated | CVE-2025-43284 |
Arcserve–Unified Data Protection (UDP) | An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms without valid credentials and access administrator-level features. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | 2025-08-27 | not yet calculated | CVE-2025-34520 |
Arcserve–Unified Data Protection (UDP) | A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by another user, execute arbitrary JavaScript in the victim’s browser. Successful exploitation may lead to session hijacking, credential theft, or other client-side impacts. The vulnerability requires user interaction and occurs within a shared browser context. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | 2025-08-27 | not yet calculated | CVE-2025-34521 |
Arcserve–Unified Data Protection (UDP) | A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote code execution. Exploitation occurs in the context of the affected process and does not require user interaction. The vulnerability poses a high risk due to its pre-authentication nature and potential for full compromise. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | 2025-08-27 | not yet calculated | CVE-2025-34522 |
Arcserve–Unified Data Protection (UDP) | A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending specially crafted data, a remote attacker can corrupt heap memory, potentially causing a denial of service or enabling arbitrary code execution depending on the memory layout and exploitation techniques used. This vulnerability is similar in nature to CVE-2025-34522 but affects a separate code path or component. No user interaction is required, and exploitation occurs in the context of the vulnerable process. This vulnerability affects all UDP versions prior to 10.2. UDP 10.2 includes the necessary patches and requires no action. Versions 8.0 through 10.1 are supported and require either patch application or upgrade to 10.2. Versions 7.x and earlier are unsupported or out of maintenance and must be upgraded to 10.2 to remediate the issue. | 2025-08-27 | not yet calculated | CVE-2025-34523 |
Atera–Nagios XI 2024R2 | A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user’s session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data. | 2025-08-26 | not yet calculated | CVE-2025-56432 |
azu–request-filtering-agent | request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library’s SSRF protection. The vulnerability is particularly dangerous when the application accepts user-controlled URLs and internal services are only protected by network-level restrictions. This vulnerability has been fixed in request-filtering-agent version 2.0.0. Users should upgrade to version 2.0.0 or later. | 2025-08-25 | not yet calculated | CVE-2025-57814 |
Belkin International, Inc.–Bulldog Plus UPS Monitoring Software | Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication. | 2025-08-30 | not yet calculated | CVE-2009-20009 |
BS.Player–BS.Player Free and Pro Editions | BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded in the playlist, allowing overwrite of Structured Exception Handler (SEH) records. The vulnerability is triggered upon opening a crafted playlist file and affects the Unicode parsing logic in the Windows client. | 2025-08-30 | not yet calculated | CVE-2010-10016 |
Catalyst–Mahara | Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the cache is not cleared after the files of one account are exported. | 2025-08-25 | not yet calculated | CVE-2023-47799 |
Catalyst–Mahara | Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system. | 2025-08-26 | not yet calculated | CVE-2024-35203 |
Catalyst–Mahara | Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the ‘Current submissions’ page: Administration -> Groups -> Submissions. | 2025-08-26 | not yet calculated | CVE-2024-39335 |
Catalyst–Mahara | An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to Cross Site Scripting (XSS) due to not sanitising the values. These links can only be set up by an admin but are clickable by any logged-in person. | 2025-08-25 | not yet calculated | CVE-2024-39923 |
Catalyst–Mahara | In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute. | 2025-08-26 | not yet calculated | CVE-2024-45753 |
Catalyst–Mahara | An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download. | 2025-08-26 | not yet calculated | CVE-2024-47192 |
Catalyst–Mahara | An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI). | 2025-08-26 | not yet calculated | CVE-2024-47853 |
Catalyst–Mahara | Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy. | 2025-08-26 | not yet calculated | CVE-2025-29992 |
CGM–CGM CLININET | In the Print.pl service, the “uhcPrintServerPrint” function allows execution of arbitrary code via the “CopyCounter” parameter. | 2025-08-27 | not yet calculated | CVE-2025-2313 |
CGM–CGM CLININET | Stored XSS vulnerability exists in the “Oddział” (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights. | 2025-08-27 | not yet calculated | CVE-2025-30036 |
CGM–CGM CLININET | The system exposes several endpoints, typically including “/int/” in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp. | 2025-08-27 | not yet calculated | CVE-2025-30037 |
CGM–CGM CLININET | The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. | 2025-08-27 | not yet calculated | CVE-2025-30038 |
CGM–CGM CLININET | Unauthenticated access to the “/cgi-bin/CliniNET.prd/GetActiveSessions.pl” endpoint allows takeover of any user session logged into the system, including users with admin privileges. | 2025-08-27 | not yet calculated | CVE-2025-30039 |
CGM–CGM CLININET | The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the “/cgi-bin/CliniNET.prd/utils/userlogxls.pl” endpoint. | 2025-08-27 | not yet calculated | CVE-2025-30040 |
CGM–CGM CLININET | The paths “/cgi-bin/CliniNET.prd/utils/userlogstat.pl”, “/cgi-bin/CliniNET.prd/utils/usrlogstat.pl”, and “/cgi-bin/CliniNET.prd/utils/dblogstat.pl” expose data containing session IDs. | 2025-08-27 | not yet calculated | CVE-2025-30041 |
CGM–CGM CLININET | The “serverConfig” endpoint, which returns the module configuration including credentials, is accessible without authentication. | 2025-08-27 | not yet calculated | CVE-2025-30048 |
CGM–CGM CLININET | The “system” function receives untrusted input from the user. If the “EnableJSCaching” option is enabled, it is possible to execute arbitrary code provided as the “Module” parameter. | 2025-08-27 | not yet calculated | CVE-2025-30055 |
CGM–CGM CLININET | The RunCommand function accepts any parameter, which is then passed for execution in the shell. This allows an attacker to execute arbitrary code on the system. | 2025-08-27 | not yet calculated | CVE-2025-30056 |
CGM–CGM CLININET | In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. | 2025-08-27 | not yet calculated | CVE-2025-30057 |
CGM–CGM CLININET | In the PatientService.pl service, the “getPatientIdentifier” function is vulnerable to SQL injection through the “pesel” parameter. | 2025-08-27 | not yet calculated | CVE-2025-30058 |
CGM–CGM CLININET | In the PrepareCDExportJSON.pl service, the “getPerfServiceIds” function is vulnerable to SQL injection. | 2025-08-27 | not yet calculated | CVE-2025-30059 |
CGM–CGM CLININET | In the ReturnUserUnitsXML.pl service, the “getUserInfo” function is vulnerable to SQL injection through the “UserID” parameter. | 2025-08-27 | not yet calculated | CVE-2025-30060 |
CGM–CGM CLININET | In the “utils/Reporter/OpenReportWindow.pl” service, there is an SQL injection vulnerability through the “UserID” parameter. | 2025-08-27 | not yet calculated | CVE-2025-30061 |
CGM–CGM CLININET | The configuration file containing database logins and passwords is readable by any local user. | 2025-08-27 | not yet calculated | CVE-2025-30063 |
CGM–CGM CLININET | An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the “ex:action” parameter in the VerifyUserByThrustedService function to generate a session for any user. | 2025-08-27 | not yet calculated | CVE-2025-30064 |
Changsha SPON Communication Technology Co. Ltd.–SPON IP Network Broadcast System | SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arises from insufficient input validation on the jsondata[url] parameter, which allows attackers to perform directory traversal and access sensitive files on the server. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted POST request to read arbitrary files, potentially exposing system configuration, credentials, or internal logic. An affected version range is undefined. | 2025-08-27 | not yet calculated | CVE-2024-13982 |
Checkmk–Checkmk Exchange | Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic. | 2025-08-28 | not yet calculated | CVE-2025-58123 |
Checkmk–Checkmk Exchange | Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic. | 2025-08-28 | not yet calculated | CVE-2025-58124 |
Checkmk–Checkmk Exchange | Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic. | 2025-08-28 | not yet calculated | CVE-2025-58125 |
Checkmk–Checkmk Exchange | Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic. | 2025-08-28 | not yet calculated | CVE-2025-58126 |
Checkmk–Checkmk Exchange | Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic. | 2025-08-28 | not yet calculated | CVE-2025-58127 |
Cisco–Cisco Unified Computing System (Managed) | A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role. | 2025-08-27 | not yet calculated | CVE-2025-20296 |
CivetWeb–CivetWeb | Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution. | 2025-08-29 | not yet calculated | CVE-2025-55763 |
ContentKeeper Technologies–ContentKeeper Web Appliance | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful. | 2025-08-30 | not yet calculated | CVE-2009-20011 |
coolLabs Technologies–Coolify | Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to delete the project or its associated resource, the payload executes in the admin’s browser context. This results in full compromise of the Coolify instance, including theft of API tokens, session cookies, and access to WebSocket-based terminal sessions on managed servers. | 2025-08-27 | not yet calculated | CVE-2025-34157 |
coolLabs Technologies–Coolify | Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting a malicious service definition that mounts the host root filesystem, an attacker can gain full root access to the underlying server. | 2025-08-27 | not yet calculated | CVE-2025-34159 |
coolLabs Technologies–Coolify | Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creation. By submitting a crafted repository string containing command injection syntax, an attacker can execute arbitrary commands on the underlying host system, resulting in full server compromise. | 2025-08-27 | not yet calculated | CVE-2025-34161 |
craftcms–cms | Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7. | 2025-08-25 | not yet calculated | CVE-2025-57811 |
Cursor–Cursor | The configuration of Cursor on macOS, specifically the enabled “RunAsNode” fuse, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor's TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to permissions previously granted by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Cursor, potentially disguising the attacker’s malicious intent. This issue was detected in version 15.4.1 of Cursor. Project maintainers decided not to fix this issue, because a scenario including a local attacker falls outside their defined threat model. | 2025-08-26 | not yet calculated | CVE-2025-9190 |
D-Link–DCS-825L | D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported. | 2025-08-27 | not yet calculated | CVE-2025-55582 |
D-Link–DI-8100 | D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the `en`, `val` and `id` parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial of Service (DoS) by sending crafted GET requests with overly long values for these parameters. | 2025-08-25 | not yet calculated | CVE-2025-51281 |
D-Link–DIR-110 | Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC. | 2025-08-27 | not yet calculated | CVE-2018-25115 |
D-Link–DIR-868L | D-Link DIR-868L B1 router firmware version FW2.05WWB02 contains an unauthenticated OS command injection vulnerability in the fileaccess.cgi component. The endpoint /dws/api/UploadFile accepts a pre_api_arg parameter that is passed directly to system-level shell execution functions without sanitization or authentication. Remote attackers can exploit this to execute arbitrary commands as root via crafted HTTP requests. | 2025-08-28 | not yet calculated | CVE-2025-55583 |
D-Link–DSL-7740C | Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | 2025-08-25 | not yet calculated | CVE-2025-29514 |
D-Link–DSL-7740C | Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device’s XML database, including the administrator’s password. | 2025-08-25 | not yet calculated | CVE-2025-29515 |
D-Link–DSL-7740C | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | 2025-08-25 | not yet calculated | CVE-2025-29516 |
D-Link–DSL-7740C | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | 2025-08-25 | not yet calculated | CVE-2025-29517 |
D-Link–DSL-7740C | A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | 2025-08-25 | not yet calculated | CVE-2025-29519 |
D-Link–DSL-7740C | Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | 2025-08-25 | not yet calculated | CVE-2025-29520 |
D-Link–DSL-7740C | Insecure default credentials for the Administrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allow attackers to escalate privileges via a brute-force attack. | 2025-08-25 | not yet calculated | CVE-2025-29521 |
D-Link–DSL-7740C | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. | 2025-08-25 | not yet calculated | CVE-2025-29522 |
D-Link–DSL-7740C | D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. | 2025-08-25 | not yet calculated | CVE-2025-29523 |
DASAN NETWORKS–DASAN GPON ONU H660WM | Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information. | 2025-08-25 | not yet calculated | CVE-2025-29524 |
DASAN NETWORKS–DASAN GPON ONU H660WM | DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem’s control panel. | 2025-08-25 | not yet calculated | CVE-2025-29525 |
DASAN NETWORKS–DASAN GPON ONU H660WM | DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify the device's configuration via the UPnP protocol on the WAN side without any authentication. | 2025-08-25 | not yet calculated | CVE-2025-44178 |
dataease–dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2’s filtering logic and returns the H2 JDBC URL, allowing "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12. | 2025-08-25 | not yet calculated | CVE-2025-57772 |
dataease–dataease | DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12. | 2025-08-25 | not yet calculated | CVE-2025-57773 |
Diebold Nixdorf–Vynamic Security Suite | Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition. | 2025-08-29 | not yet calculated | CVE-2024-46916 |
Diebold Nixdorf–Vynamic Security Suite | Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes. | 2025-08-29 | not yet calculated | CVE-2024-46917 |
Digital Arts Inc.–i-フィルター 6.0 | Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges. | 2025-08-27 | not yet calculated | CVE-2025-57846 |
Dogfood CRM–Dogfood CRM | Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO. | 2025-08-30 | not yet calculated | CVE-2009-20010 |
DOS Co., Ltd.–SS1 | Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker. | 2025-08-28 | not yet calculated | CVE-2025-46409 |
DOS Co., Ltd.–SS1 | Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be accessed by a remote unauthenticated attacker. | 2025-08-28 | not yet calculated | CVE-2025-52460 |
DOS Co., Ltd.–SS1 | Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges. | 2025-08-28 | not yet calculated | CVE-2025-53396 |
DOS Co., Ltd.–SS1 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges. | 2025-08-28 | not yet calculated | CVE-2025-53970 |
DOS Co., Ltd.–SS1 | SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges. | 2025-08-28 | not yet calculated | CVE-2025-54762 |
DOS Co., Ltd.–SS1 | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, legitimate files may be overwritten by a remote authenticated attacker. | 2025-08-28 | not yet calculated | CVE-2025-54819 |
DOS Co., Ltd.–SS1 | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, arbitrary files may be viewed by a remote unauthenticated attacker. | 2025-08-28 | not yet calculated | CVE-2025-58072 |
DOS Co., Ltd.–SS1 | Use of hard-coded password issue/vulnerability in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to view arbitrary files with root privileges. | 2025-08-28 | not yet calculated | CVE-2025-58081 |
eventlet–eventlet | Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers, which is a breaking change if a backend behind an eventlet.wsgi proxy requires trailers. A workaround is to avoid exposing eventlet.wsgi to untrusted clients. | 2025-08-29 | not yet calculated | CVE-2025-58068 |
Exiv2–exiv2 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6. | 2025-08-29 | not yet calculated | CVE-2025-54080 |
Exiv2–exiv2 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6. | 2025-08-29 | not yet calculated | CVE-2025-55304 |
Feijiu Medical Technology Co., Ltd.–Bian Que Feijiu Intelligent Emergency and Quality Control System | An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input in the strOpid parameter, allowing attackers to inject arbitrary SQL statements. This can lead to data exfiltration, authentication bypass, and potentially remote code execution, depending on backend configuration. The vulnerability is presumed to affect builds released prior to June 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC. | 2025-08-27 | not yet calculated | CVE-2025-34162 |
FreePBX–security-reporting | FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3. | 2025-08-28 | not yet calculated | CVE-2025-57819 |
Fujian Apex Software Co. Ltd.–LiveBOS | LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload crafted files outside the intended directory structure via path traversal in the filename parameter. Successful exploitation may lead to remote code execution on the server, enabling full system compromise. The vulnerability is presumed to affect builds released prior to August 2024 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC. | 2025-08-27 | not yet calculated | CVE-2024-13981 |
GitHub–Enterprise Server | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by creating a diff between the repositories. To exploit this vulnerability, an attacker needed to know the name of a private repository along with its branches, tags, or commit SHAs that they could use to trigger compare/diff functionality and retrieve limited code without proper authorization. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.18, and was fixed in versions 3.14.17, 3.15.12, 3.16.8 and 3.17.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2025-08-26 | not yet calculated | CVE-2025-8447 |
github.com/gorilla/csrf–github.com/gorilla/csrf | Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can’t get it to submit to https://example.com because the Origin header is checked with sameOrigin against a synthetic URL. However, if a host is added to TrustedOrigins, both its HTTP and HTTPS origins will be allowed, because the scheme of the synthetic URL is ignored and only the host is checked. For example, if an application is hosted on https://example.com and adds example.net to TrustedOrigins, a network attacker can serve a form at http://example.net to perform the attack. Applications should migrate to net/http.CrossOriginProtection, introduced in Go 1.25. If that is not an option, a backport is available as a module at filippo.io/csrf, and a drop-in replacement for the github.com/gorilla/csrf API is available at filippo.io/csrf/gorilla. | 2025-08-29 | not yet calculated | CVE-2025-47909 |
Google Cloud–Dataform | A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers’ repositories via a maliciously crafted package.json file. | 2025-08-25 | not yet calculated | CVE-2025-9118 |
Google–Android | In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2023-21125 |
Google–Android | In multiple locations, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2024-49740 |
Google–Android | In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0074 |
Google–Android | In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0075 |
Google–Android | In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0078 |
Google–Android | In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0079 |
Google–Android | In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0080 |
Google–Android | In dng_lossless_decoder::HuffDecode of dng_lossless_jpeg.cpp, there is a possible way to cause a crash due to uninitialized data. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0081 |
Google–Android | In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0082 |
Google–Android | In multiple locations, there is a possible way to access content across user profiles due to URI double encoding. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0083 |
Google–Android | In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0084 |
Google–Android | In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0086 |
Google–Android | In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0092 |
Google–Android | In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-0093 |
Google–Android | In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22403 |
Google–Android | In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22404 |
Google–Android | In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22405 |
Google–Android | In bnepu_check_send_packet of bnep_utils.cc, there is a possible way to achieve code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22406 |
Google–Android | In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22407 |
Google–Android | In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22408 |
Google–Android | In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22409 |
Google–Android | In multiple locations, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22410 |
Google–Android | In process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22411 |
Google–Android | In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22412 |
Google–Android | In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-22413 |
Google–Android | In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-08-26 | not yet calculated | CVE-2025-26417 |
Google–Chrome | Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 2025-08-26 | not yet calculated | CVE-2025-9478 |
H3C Group–Intelligent Management Center (iMC) | H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters, potentially leading to arbitrary command execution. This flaw does not require authentication and may be exploited without session cookies. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-28 UTC. | 2025-08-27 | not yet calculated | CVE-2024-13980 |
Hangzhou Shengqiao Technology Co. Ltd.–St. Joe ERP System (“ERP”) | A SQL injection vulnerability exists in the St. Joe ERP system (“圣乔ERP系统”) that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into SQL queries, enabling direct manipulation of the backend database. Successful exploitation may result in unauthorized data access, modification of records, or limited disruption of service. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-04-14 UTC. | 2025-08-27 | not yet calculated | CVE-2024-13979 |
Hitron–CGNF-TWN Cable Modem | Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arbitrary commands through the telnet interface when prompted for inputs or commands. Successful exploitation could lead to remote code execution (RCE) under the privileges of the telnet user, potentially allowing unauthorized access to system settings and sensitive information. | 2025-08-25 | not yet calculated | CVE-2025-44179 |
Hyundai–Hyundai Navigation App | In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field of the navigation app, which then get rendered. | 2025-08-27 | not yet calculated | CVE-2025-55618 |
iND Co.,Ltd–HL330-DLS (for module MC7700) | Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status]. | 2025-08-29 | not yet calculated | CVE-2025-53507 |
iND Co.,Ltd–HL330-DLS (for module MC7700) | Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]. | 2025-08-29 | not yet calculated | CVE-2025-53508 |
Invoice Ninja–Invoice Ninja | Invoice Ninja’s configuration on macOS, specifically the presence of entitlement “com.apple.security.get-task-allow”, allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application’s context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator’s credentials. Since there is no prompt when the target process has “get-task-allow” entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in version 5.0.175 | 2025-08-26 | not yet calculated | CVE-2025-8700 |
Kapsch–TrafficCom RIS-9160, RIS-9260 | Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device. | 2025-08-26 | not yet calculated | CVE-2025-25733 |
Konica Minolta, Inc.–Multiple products in bizhub series | An uncaught exception issue exists in multiple products in the bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature. | 2025-08-29 | not yet calculated | CVE-2025-54777 |
Liferay–Portal | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 have a security vulnerability that allows improper access through the expandoTableLocalService. | 2025-08-29 | not yet calculated | CVE-2025-43773 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we’re not doing async, the handling is much simpler. There’s no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I’m not seeing a UAF as I did in the past, I think aec7961916f3 (“tls: fix race between async notify and socket close”) took care of it. This will make the next fix easier. | 2025-08-28 | not yet calculated | CVE-2024-58240 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of “acpiid” if the “str” argument is maximum length. | 2025-08-26 | not yet calculated | CVE-2025-38676 |
Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x17e/0x800 mm/kasan/report.c:480 kasan_report+0x147/0x180 mm/kasan/report.c:593 data_blkaddr fs/f2fs/f2fs.h:3053 [inline] f2fs_data_blkaddr fs/f2fs/f2fs.h:3058 [inline] f2fs_get_dnode_of_data+0x1a09/0x1c40 fs/f2fs/node.c:855 f2fs_reserve_block+0x53/0x310 fs/f2fs/data.c:1195 prepare_write_begin fs/f2fs/data.c:3395 [inline] f2fs_write_begin+0xf39/0x2190 fs/f2fs/data.c:3594 generic_perform_write+0x2c7/0x910 mm/filemap.c:4112 f2fs_buffered_write_iter fs/f2fs/file.c:4988 [inline] f2fs_file_write_iter+0x1ec8/0x2410 fs/f2fs/file.c:5216 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x546/0xa90 fs/read_write.c:686 ksys_write+0x149/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xf3/0x3d0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is in the corrupted image, there is a dnode has the same node id w/ its inode, so during f2fs_get_dnode_of_data(), it tries to access block address in dnode at offset 934, however it parses the dnode as inode node, so that get_dnode_addr() returns 360, then it tries to access page address from 360 + 934 * 4 = 4096 w/ 4 bytes. To fix this issue, let’s add sanity check for node id of all direct nodes during f2fs_get_dnode_of_data(). | 2025-08-30 | not yet calculated | CVE-2025-38677 |
LSTM-Kirigaya–openmcp-client | LSTM-Kirigaya’s openmcp-client is a VS Code plugin for MCP developers. Prior to version 0.1.12, when users on a Windows platform connect to an attacker-controlled MCP server, attackers could provision a malicious authorization server endpoint to silently achieve an OS command injection attack in the open() invocation, leading to client system compromise. This issue has been patched in version 0.1.12. | 2025-08-28 | not yet calculated | CVE-2025-58062 |
LumaSoft–fotoShare Cloud | Client-side password validation (CWE-602) in lumasoft fotoShare Cloud 2025-03-13 allowing unauthenticated attackers to view password-protected photo albums. | 2025-08-27 | not yet calculated | CVE-2025-56694 |
lycheeverse–lychee-action | lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential attack of arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2. | 2025-08-28 | not yet calculated | CVE-2024-48908 |
MacVim–MacVim | MacVim’s configuration on macOS, specifically the presence of entitlement “com.apple.security.get-task-allow”, allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application’s context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator’s credentials. Since there is no prompt when the target process has “get-task-allow” entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in build r181.2 | 2025-08-26 | not yet calculated | CVE-2025-8597 |
MANWAR–CGI::Simple | CGI::Simple versions before 1.282 for Perl have an HTTP response splitting flaw. This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions. Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters. As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks. The issue documented in CVE-2010-4410 (https://www.cve.org/CVERecord?id=CVE-2010-4410) is related, but the fix was incomplete. Impact: by injecting %0A (newline) into a query string parameter, an attacker can break the current HTTP header, inject a new header or entire body, and deliver a script payload that is reflected in the server’s response. That can lead to the following attacks: reflected XSS, open redirect, cache poisoning, and header manipulation. | 2025-08-29 | not yet calculated | CVE-2025-40927 |
Meitrack–T366G-L GPS Tracker | Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device can use a standard SPI programmer to extract the firmware using flashrom. This results in exposure of sensitive configuration data such as APN credentials, backend server information, and network parameter | 2025-08-28 | not yet calculated | CVE-2025-51643 |
Microsoft–Windows | Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373. | 2025-08-26 | not yet calculated | CVE-2025-9491 |
MINOVA Information Services GmbH–TTA | Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse. Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs | 2025-08-25 | not yet calculated | CVE-2025-7426 |
Mitrastar–GPT-2741GNAC-N2 | Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell. The command “deviceinfo show file” is supposed to be used from the restricted shell to show files and directories. Providing ” /bin/sh” (quotes included) as the argument of this command will drop a root shell. | 2025-08-26 | not yet calculated | CVE-2025-50753 |
mlc-ai–xgrammar | XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has been resolved in version 0.1.21. | 2025-08-25 | not yet calculated | CVE-2025-57809 |
Mosh-Pro–Mosh-Pro | The configuration of Mosh-Pro on macOS, specifically the “RunAsNode” fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker’s malicious intent. This issue was detected in 1.3.2 version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown. | 2025-08-26 | not yet calculated | CVE-2025-53811 |
Moxa–Utility for DRP-A100 Series | An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a malicious executable in a higher-priority directory within the search path. When the Serial Interface service starts, the malicious executable could be run with SYSTEM privileges. Successful exploitation could allow privilege escalation or enable an attacker to maintain persistence on the affected system. While successful exploitation can severely impact the confidentiality, integrity, and availability of the affected device itself, there is no loss of confidentiality, integrity, or availability within any subsequent systems. | 2025-08-25 | not yet calculated | CVE-2025-5191 |
n/a–AbanteCart | Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php. | 2025-08-26 | not yet calculated | CVE-2025-50971 |
n/a–AbanteCart | SQL Injection vulnerability in AbanteCart 1.4.2 allows unauthenticated attackers to execute arbitrary SQL commands via the tmpl_id parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP(), and UNION-based injection to extract arbitrary data. | 2025-08-27 | not yet calculated | CVE-2025-50972 |
n/a–Adminer | Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which forces excessive memory usage, rendering Adminer’s interface unresponsive and causing a server-level DoS. While the server may recover after several minutes, multiple simultaneous requests can cause a complete crash requiring manual intervention. | 2025-08-25 | not yet calculated | CVE-2025-43960 |
n/a–Badaso CMS | An arbitrary code execution vulnerability exists in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension. | 2025-08-26 | not yet calculated | CVE-2025-52353 |
n/a–Bevy | The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. | 2025-08-27 | not yet calculated | CVE-2025-54598 |
n/a–copyparty | Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. | 2025-08-29 | not yet calculated | CVE-2023-41471 |
n/a–CraftCMS Freeform | Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form (submission title). | 2025-08-27 | not yet calculated | CVE-2025-52122 |
n/a–diskover-web | diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PASS, ES_MAXSIZE, ES_TRANSLOGSIZE, ES_TIMEOUT, ES_USER, ES_HOST, ES_PORT, ES_SCROLLSIZE, ES_CHUNKSIZE and others can be crafted to inject arbitrary SQLite expressions wrapped in JSON functions. By exploiting these injection points, an attacker can infer or extract sensitive information from the underlying database without authentication. This issue stems from improper input validation and parameterization in the application’s JSON-based query construction. | 2025-08-27 | not yet calculated | CVE-2025-50984 |
n/a–diskover-web | diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting (XSS) flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q (query), and doctype are directly echoed into the HTML response, allowing attackers to inject and execute arbitrary JavaScript when a victim visits a maliciously crafted URL. | 2025-08-27 | not yet calculated | CVE-2025-50985 |
n/a–diskover-web | diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting (XSS) vulnerabilities in its administrative settings interface. Various configuration fields such as ES_HOST, ES_INDEXREFRESH, ES_PORT, ES_SCROLLSIZE, ES_TRANSLOGSIZE, ES_TRANSLOGSYNCINT, EXCLUDES_FILES, FILE_TYPES[], INCLUDES_DIRS, INCLUDES_FILES, and TIMEZONE do not properly sanitize user-supplied input. Malicious payloads submitted via these parameters are persisted in the application and executed whenever an administrator views or edits the settings page. | 2025-08-27 | not yet calculated | CVE-2025-50986 |
n/a–docmost | Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code. | 2025-08-25 | not yet calculated | CVE-2025-55574 |
n/a–Evope Core | An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys. | 2025-08-29 | not yet calculated | CVE-2025-56577 |
n/a–FormCMS | FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context. | 2025-08-28 | not yet calculated | CVE-2025-56236 |
n/a–FoxCMS | In FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code. | 2025-08-25 | not yet calculated | CVE-2025-55409 |
n/a–FoxCMS | In FoxCMS 1.2.6, there is a reflected Cross Site Scripting (XSS) vulnerability in /index.php/plus. | 2025-08-27 | not yet calculated | CVE-2025-55422 |
n/a–Gitblit | In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient input sanitization of filename elements. | 2025-08-27 | not yet calculated | CVE-2025-50978 |
n/a–Helpy.io | Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket function. | 2025-08-26 | not yet calculated | CVE-2025-52184 |
n/a–IPFire | The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of the following parameters: BYTE_UNIT, DAY_BEGIN, DAY_END, HIST_LEVEL, MONTH_BEGIN, MONTH_END, NUM_CONTENT, NUM_DOMAINS, NUM_HOSTS, NUM_URLS, PERF_INTERVAL, YEAR_BEGIN, YEAR_END. | 2025-08-26 | not yet calculated | CVE-2025-50974 |
n/a–IPFire | IPFire 2.29 web-based firewall interface (firewall.cgi) fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed whenever another admin views the firewall rules page, enabling session hijacking, unauthorized actions within the interface, or further internal pivoting. Exploitation requires only high-privilege GUI access, and the complexity of the attack is low. | 2025-08-26 | not yet calculated | CVE-2025-50975 |
n/a–IPFire | IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | 2025-08-26 | not yet calculated | CVE-2025-50976 |
n/a–n/a | Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root. | 2025-08-26 | not yet calculated | CVE-2025-25732 |
n/a–n/a | Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process. | 2025-08-26 | not yet calculated | CVE-2025-25734 |
n/a–n/a | Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time. | 2025-08-26 | not yet calculated | CVE-2025-25735 |
n/a–n/a | Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the default ‘kapsch’ user. | 2025-08-26 | not yet calculated | CVE-2025-25736 |
n/a–n/a | Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for their BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a brute-force attack. | 2025-08-26 | not yet calculated | CVE-2025-25737 |
n/a–n/a | A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the ‘r’ parameter and allows attackers to inject malicious Angular expressions that execute JavaScript code in the context of the application. The flaw can be exploited through GET requests to the summary endpoint as well as POST requests to specific Wicket interface endpoints, though the GET method provides easier weaponization. This vulnerability enables authenticated administrators to execute arbitrary client-side code, potentially leading to session hijacking, data theft, or further privilege escalation attacks. | 2025-08-27 | not yet calculated | CVE-2025-50977 |
n/a–n/a | SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlmap confirmed exploitation via stacked queries, demonstrating that the parameter can be abused to run arbitrary SQL statements. A heavy query was executed using SQLite’s RANDOMBLOB() and HEX() functions to simulate a time-based payload, indicating deep control over database interactions. | 2025-08-27 | not yet calculated | CVE-2025-50983 |
n/a–n8n-workflow | n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py | 2025-08-26 | not yet calculated | CVE-2025-55526 |
n/a–NodeBB | NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote attackers to inject boolean-based blind and PostgreSQL error-based payloads. | 2025-08-27 | not yet calculated | CVE-2025-50979 |
n/a–NotesCMS | A vulnerability exists in NotesCMS, specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08) and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. | 2025-08-26 | not yet calculated | CVE-2025-52035 |
n/a–NotesCMS | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79. | 2025-08-26 | not yet calculated | CVE-2025-52036 |
n/a–NotesCMS | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79. | 2025-08-26 | not yet calculated | CVE-2025-52037 |
n/a–O2OA | O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. | 2025-08-27 | not yet calculated | CVE-2024-37777 |
n/a–oa_system oasys | SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java | 2025-08-29 | not yet calculated | CVE-2025-44033 |
n/a–OPNsense | OPNsense 25.1 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation grants RCE with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations. | 2025-08-27 | not yet calculated | CVE-2025-50989 |
n/a–PerfreeBlog | PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. | 2025-08-25 | not yet calculated | CVE-2025-29420 |
n/a–PerfreeBlog | PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. | 2025-08-25 | not yet calculated | CVE-2025-29421 |
n/a–RaspAP | In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the interface parameter. | 2025-08-27 | not yet calculated | CVE-2025-50428 |
n/a–Rebuild | Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location. | 2025-08-25 | not yet calculated | CVE-2024-46412 |
n/a–Rebuild | Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method. | 2025-08-25 | not yet calculated | CVE-2024-46413 |
n/a–Rebuild | An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle. The filter code uses CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path and then checks whether the path endsWith /error. If so, it executes return true to skip this Interceptor; otherwise, it redirects to the /user/login API. This allows unauthenticated attackers to gain sensitive information or escalated privileges. | 2025-08-25 | not yet calculated | CVE-2025-50900 |
n/a–simple-admin-core | An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial data leakage or disruption of normal system operations. | 2025-08-27 | not yet calculated | CVE-2025-51667 |
n/a–SMM Panel | SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail. | 2025-08-25 | not yet calculated | CVE-2025-55575 |
n/a–sparkshop | Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component | 2025-08-25 | not yet calculated | CVE-2025-50722 |
n/a–spimsimulator | spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory read/write to point to distinct memory segments within the virtual machine, it is possible to circumvent these checks. | 2025-08-28 | not yet calculated | CVE-2025-29364 |
n/a–System PDV | An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by this parameter. This allows direct access to other users’ data or internal resources without proper permission. Successful exploitation of this flaw may result in the exposure of sensitive information. | 2025-08-25 | not yet calculated | CVE-2025-45968 |
n/a–Telpo MDM | Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device’s external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data. | 2025-08-26 | not yet calculated | CVE-2025-55443 |
n/a–WebErpMesv2 | File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server. | 2025-08-25 | not yet calculated | CVE-2025-52130 |
Nagios–Nagios XI | Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user. | 2025-08-28 | not yet calculated | CVE-2024-13986 |
NAVER–NAVER MYBOX Explorer | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks. | 2025-08-28 | not yet calculated | CVE-2025-58322 |
NAVER–NAVER MYBOX Explorer | NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks. | 2025-08-29 | not yet calculated | CVE-2025-58323 |
NetScaler–ADC | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX | 2025-08-26 | not yet calculated | CVE-2025-7775 |
NetScaler–ADC | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with a PCoIP Profile bound to it | 2025-08-26 | not yet calculated | CVE-2025-7776 |
NetScaler–ADC | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access | 2025-08-26 | not yet calculated | CVE-2025-8424 |
NetSupport Ltd.–NetSupport Manager | A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution. | 2025-08-29 | not yet calculated | CVE-2025-34164 |
NetSupport Ltd.–NetSupport Manager | A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory. | 2025-08-29 | not yet calculated | CVE-2025-34165 |
norrnext.com–Quantum Manager component for Joomla | A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. The SVG upload feature does not sanitize uploads. | 2025-08-25 | not yet calculated | CVE-2025-54300 |
norrnext.com–Quantum Manager component for Joomla | A stored XSS vulnerability in Quantum Manager component 1.0.0-3.2.0 for Joomla was discovered. File names are not properly escaped. | 2025-08-25 | not yet calculated | CVE-2025-54301 |
Nozbe–Nozbe | The configuration of Nozbe on macOS, specifically the “RunAsNode” fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 2025.11 of Nozbe. | 2025-08-26 | not yet calculated | CVE-2025-53813 |
NSFOCUS–SecGate3600 Firewall | SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC. | 2025-08-27 | not yet calculated | CVE-2023-7308 |
Oberon microsystems AG–Oberon PSA Crypto | Padding oracle attack vulnerability in Oberon microsystems AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | 2025-08-29 | not yet calculated | CVE-2025-7383 |
Oberon microsystems AG–Oberon PSA Crypto | Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs. | 2025-08-29 | not yet calculated | CVE-2025-9071 |
Oberon microsystems AG–ocrypto | Padding oracle attack vulnerability in Oberon microsystems AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | 2025-08-29 | not yet calculated | CVE-2025-7071 |
opencast–opencast | Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder. | 2025-08-29 | not yet calculated | CVE-2025-55202 |
OpenSolution–QuickCMS | QuickCMS is vulnerable to Reflected XSS via the sSort parameter in the admin panel functionality. A malicious attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-08-28 | not yet calculated | CVE-2025-54540 |
OpenSolution–QuickCMS | QuickCMS is vulnerable to Cross-Site Request Forgery in the page deletion functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-08-28 | not yet calculated | CVE-2025-54541 |
OpenSolution–QuickCMS | QuickCMS sends the password and login via a GET request. This allows a local attacker with access to the victim’s browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-08-28 | not yet calculated | CVE-2025-54542 |
OpenSolution–QuickCMS | QuickCMS is vulnerable to Stored XSS via the sDescriptionMeta parameter in the page editor SEO functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-08-28 | not yet calculated | CVE-2025-54543 |
OpenSolution–QuickCMS | QuickCMS is vulnerable to Stored XSS via the aDirFilesDescriptions parameter in the files editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add JavaScript into the website. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-08-28 | not yet calculated | CVE-2025-54544 |
OpenSolution–QuickCMS | QuickCMS is vulnerable to Reflected XSS via the sLangEdit parameter in the admin panel functionality. A malicious attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn’t respond with the details of the vulnerability or the vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable; other versions were not tested and might also be vulnerable. | 2025-08-28 | not yet calculated | CVE-2025-55175 |
OpenText–OpenText Enterprise Security Manager | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. | 2025-08-25 | not yet calculated | CVE-2025-3478 |
OpenText–OpenText Enterprise Security Manager | An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. | 2025-08-25 | not yet calculated | CVE-2025-8997 |
OpenText–Self Service Password Reset | Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass. This issue affects Self Service Password Reset from before 4.8 patch 3. | 2025-08-29 | not yet calculated | CVE-2025-5808 |
parallax–jsPDF | jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2. | 2025-08-26 | not yet calculated | CVE-2025-57810 |
Payload CMS–Payload | Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date (which is set to 2 hours by default, but can be changed). This issue has been fixed in version 3.44.0 of Payload. | 2025-08-29 | not yet calculated | CVE-2025-4643 |
Payload CMS–Payload | A Session Fixation vulnerability existed in Payload’s SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user. This issue has been fixed in version 3.44.0 of Payload. | 2025-08-29 | not yet calculated | CVE-2025-4644 |
PCRE2Project–pcre2 | The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:…) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46. | 2025-08-27 | not yet calculated | CVE-2025-58050 |
PFU Limited–ScanSnap Manager installers | Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command. | 2025-08-27 | not yet calculated | CVE-2025-57797 |
phpgurukul–Hospital Management System | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | 2025-08-25 | not yet calculated | CVE-2025-56212 |
phpgurukul–Hospital Management System | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | 2025-08-25 | not yet calculated | CVE-2025-56214 |
phpgurukul–Hospital Management System | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. | 2025-08-25 | not yet calculated | CVE-2025-56215 |
phpgurukul–Hospital Management System | phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. | 2025-08-25 | not yet calculated | CVE-2025-56216 |
PHPOffice–PhpSpreadsheet | PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the PhpOffice\PhpSpreadsheet\Worksheet\Drawing class, where a crafted string from the user is passed to the HTML reader. This issue has been patched in versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0. | 2025-08-25 | not yet calculated | CVE-2025-54370 |
ProjectsAndPrograms–School Management System | A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser. | 2025-08-28 | not yet calculated | CVE-2025-51967 |
PuneethReddyHC–Online Shopping System Advanced | A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions. | 2025-08-28 | not yet calculated | CVE-2025-51968 |
PuneethReddyHC–Online Shopping System Advanced | A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not properly validated before being included in a SQL statement. | 2025-08-28 | not yet calculated | CVE-2025-51969 |
PuneethReddyHC–Online Shopping System Advanced | A reflected Cross-Site Scripting (XSS) vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the f_name parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to inject arbitrary JavaScript code. | 2025-08-28 | not yet calculated | CVE-2025-51971 |
PuneethReddyHC–Online Shopping System Advanced | A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | 2025-08-28 | not yet calculated | CVE-2025-51972 |
python-hyper–h2 | h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0. | 2025-08-25 | not yet calculated | CVE-2025-57804 |
Qi’anxin–TianQing Management Center | QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename parameter in multipart form-data requests, enabling path traversal. This allows attackers to place executable files in web-accessible directories, potentially leading to remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC. | 2025-08-27 | not yet calculated | CVE-2024-13984 |
Qingdao Dongsheng Weiye Software Co., Ltd.–Dongsheng Logistics Software | Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST request. This allows remote code execution on the server, potentially leading to full system compromise. The vulnerability is presumed to affect builds released prior to July 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC. | 2025-08-27 | not yet calculated | CVE-2025-34163 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29874 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29875 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29878 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29879 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29886 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29888 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29889 |
QNAP Systems Inc.–File Station 5 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29890 |
QNAP Systems Inc.–File Station 5 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29899 |
QNAP Systems Inc.–File Station 5 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4907 and later | 2025-08-29 | not yet calculated | CVE-2025-29900 |
QNAP Systems Inc.–File Station 5 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later | 2025-08-26 | not yet calculated | CVE-2025-29901 |
QNAP Systems Inc.–HybridDesk Station | A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: HybridDesk Station 4.2.18 and later | 2025-08-29 | not yet calculated | CVE-2025-44015 |
QNAP Systems Inc.–License Center | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: License Center 1.8.51 and later; License Center 1.9.51 and later | 2025-08-29 | not yet calculated | CVE-2025-22483 |
QNAP Systems Inc.–Photo Station | A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: Photo Station 6.4.5 ( 2025/01/02 ) and later | 2025-08-29 | not yet calculated | CVE-2024-12923 |
QNAP Systems Inc.–Qsync Central | An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-29893 |
QNAP Systems Inc.–Qsync Central | An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-29894 |
QNAP Systems Inc.–Qsync Central | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-29898 |
QNAP Systems Inc.–Qsync Central | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30260 |
QNAP Systems Inc.–Qsync Central | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30261 |
QNAP Systems Inc.–Qsync Central | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30262 |
QNAP Systems Inc.–Qsync Central | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.0 ( 2025/06/13 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30263 |
QNAP Systems Inc.–Qsync Central | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30275 |
QNAP Systems Inc.–Qsync Central | An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30277 |
QNAP Systems Inc.–Qsync Central | An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-30278 |
QNAP Systems Inc.–Qsync Central | A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-33033 |
QNAP Systems Inc.–Qsync Central | A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-33036 |
QNAP Systems Inc.–Qsync Central | A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-33037 |
QNAP Systems Inc.–Qsync Central | A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later | 2025-08-29 | not yet calculated | CVE-2025-33038 |
QNAP Systems Inc.–QTS | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-29882 |
QNAP Systems Inc.–QTS | A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30264 |
QNAP Systems Inc.–QTS | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30265 |
QNAP Systems Inc.–QTS | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30267 |
QNAP Systems Inc.–QTS | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30268 |
QNAP Systems Inc.–QTS | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30270 |
QNAP Systems Inc.–QTS | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30271 |
QNAP Systems Inc.–QTS | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30272 |
QNAP Systems Inc.–QTS | An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30273 |
QNAP Systems Inc.–QTS | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-30274 |
QNAP Systems Inc.–QTS | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later | 2025-08-29 | not yet calculated | CVE-2025-33032 |
QNAP Systems Inc.–QuRouter | A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later | 2025-08-29 | not yet calculated | CVE-2025-29887 |
QNAP Systems Inc.–VioStor | An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later | 2025-08-29 | not yet calculated | CVE-2025-52856 |
QNAP Systems Inc.–VioStor | A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: VioStor 5.1.6 build 20250621 and later | 2025-08-29 | not yet calculated | CVE-2025-52861 |
Raxnet/Ian Berry–Cacti | Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity. | 2025-08-30 | not yet calculated | CVE-2005-10004 |
run-llama–run-llama/llama_index | A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process. The issue is resolved in version 0.12.38. | 2025-08-25 | not yet calculated | CVE-2025-5302 |
Sangfor Technologies Co. Ltd.–Sangfor Behavior Management System (DC Management System) | Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity definitions, leading to potential disclosure of internal files, server-side request forgery (SSRF), or other impacts depending on parser behavior. The vulnerability is due to improper configuration of the XML parser, which allows resolution of external entities without restriction. This product is now integrated into their IAM (Internet Access Management) platform and an affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2023-09-06 UTC. | 2025-08-27 | not yet calculated | CVE-2023-7307 |
SelectZero–Data Observability Platform | SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML. | 2025-08-26 | not yet calculated | CVE-2025-52217 |
SelectZero–Data Observability Platform | SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page. | 2025-08-26 | not yet calculated | CVE-2025-52218 |
SelectZero–Data Observability Platform | SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection. | 2025-08-26 | not yet calculated | CVE-2025-52219 |
Shanghai Aishu Information Technology Co., Ltd.–AnyShare | AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC. | 2025-08-27 | not yet calculated | CVE-2025-34160 |
SolidInvoice–SolidInvoice | SolidInvoice 2.3.7 is vulnerable to Cross Site Scripting (XSS) in the Tax Rate functionality. The issue is fixed in v.2.3.8. | 2025-08-29 | not yet calculated | CVE-2025-55579 |
SolidInvoice–SolidInvoice | SolidInvoice 2.3.7 and v.2.3.8 is vulnerable to Cross Site Scripting (XSS) in the client’s functionality. | 2025-08-29 | not yet calculated | CVE-2025-55580 |
SourceCodester–FAQ Management System | A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the ‘question’ and ‘answer’ fields via the update-faq.php endpoint. | 2025-08-26 | not yet calculated | CVE-2025-57425 |
SUNNET Technology Co., Ltd.–Corporate Training Management System | A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication. | 2025-08-30 | not yet calculated | CVE-2025-54942 |
SUNNET Technology Co., Ltd.–Corporate Training Management System | A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks. | 2025-08-30 | not yet calculated | CVE-2025-54943 |
SUNNET Technology Co., Ltd.–Corporate Training Management System | An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution. | 2025-08-30 | not yet calculated | CVE-2025-54944 |
SUNNET Technology Co., Ltd.–Corporate Training Management System | An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path. | 2025-08-30 | not yet calculated | CVE-2025-54945 |
SUNNET Technology Co., Ltd.–Corporate Training Management System | A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | 2025-08-30 | not yet calculated | CVE-2025-54946 |
Sunway–ForceControl | Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts. | 2025-08-30 | not yet calculated | CVE-2011-10032 |
sveltejs–devalue | Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype pollution. This issue has been fixed in version 5.3.2 | 2025-08-26 | not yet calculated | CVE-2025-57820 |
Tenda–AC10 | Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info. | 2025-08-28 | not yet calculated | CVE-2025-57215 |
Tenda–AC10 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler. | 2025-08-28 | not yet calculated | CVE-2025-57217 |
Tenda–AC10 | Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C. | 2025-08-28 | not yet calculated | CVE-2025-57218 |
Tenda–AC10 | Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. | 2025-08-28 | not yet calculated | CVE-2025-57219 |
Tenda–AC10 | An input validation flaw in the ‘ate’ service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges to root via a crafted UDP packet. | 2025-08-28 | not yet calculated | CVE-2025-57220 |
Tenda–AC6 | Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | 2025-08-27 | not yet calculated | CVE-2025-55495 |
Tenda–AC8 | An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string and the last two octets of the MAC address of the device. This allows an unauthenticated attacker to authenticate with network services on the device. | 2025-08-28 | not yet calculated | CVE-2025-52054 |
The-Scratch-Channel–tsc-web-client | The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an article in any category with any date, regardless of who’s logged in. This issue has been patched in version 1.2. | 2025-08-25 | not yet calculated | CVE-2025-57805 |
tokio-rs–tracing | tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences. | 2025-08-29 | not yet calculated | CVE-2025-58160 |
TP-Link Systems Inc.–Archer C7(EU) V2 | An authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached end-of-life (EOL) status. Purchasing a new product is recommended to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es). | 2025-08-29 | not yet calculated | CVE-2025-9377 |
TP-Link Systems Inc.–TP-Link KP303 (US) Smartplug | The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0. | 2025-08-25 | not yet calculated | CVE-2025-8627 |
TRENDnet–TV-IP410 | TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component. | 2025-08-29 | not yet calculated | CVE-2024-46484 |
Ubiquiti Inc–UISP Application | An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. | 2025-08-28 | not yet calculated | CVE-2025-48979 |
WM Downloader–WM Downloader | WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user. | 2025-08-30 | not yet calculated | CVE-2010-10017 |
Zhejiang Dahua Technology Co., Ltd.–EIMS | A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without sanitization or authentication. By sending crafted HTTP requests, attackers can inject OS-level commands that are executed on the server, leading to full system compromise. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-04-06 UTC. | 2025-08-27 | not yet calculated | CVE-2024-13985 |
Zhejiang Dahua Technology Co., Ltd.–Smart Park Integrated Management Platform | A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system. The vulnerability is presumed to affect builds released prior to September 2023 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-02-15 UTC. | 2025-08-27 | not yet calculated | CVE-2023-7309 |
Zhengzhou Jinhui Computer System Engineering Co. Ltd. ; Beijing Dazheng Human Language Technology Academy–Green Dam Youth Escort | Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution. | 2025-08-30 | not yet calculated | CVE-2009-20008 |