Total
3784 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9197 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2025-09-05 | 10.0 HIGH | N/A |
| The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | |||||
| CVE-2025-53791 | 2025-09-05 | N/A | 4.7 MEDIUM | ||
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-10013 | 2025-09-05 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2025-26424 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-55238 | 2025-09-05 | N/A | 7.5 HIGH | ||
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | |||||
| CVE-2025-54914 | 2025-09-05 | N/A | 10.0 CRITICAL | ||
| Azure Networking Elevation of Privilege Vulnerability | |||||
| CVE-2025-55244 | 2025-09-05 | N/A | 9.0 CRITICAL | ||
| Azure Bot Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-21031 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 6.8 MEDIUM |
| Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. | |||||
| CVE-2025-36909 | 1 Google | 1 Android | 2025-09-05 | N/A | 5.3 MEDIUM |
| Information disclosure | |||||
| CVE-2024-52509 | 1 Nextcloud | 1 Mail | 2025-09-04 | N/A | 3.5 LOW |
| Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2. | |||||
| CVE-2025-9941 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /register.php. Executing manipulation of the argument uimage can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9942 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /submitproperty.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9795 | 1 Tianti Project | 1 Tianti | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-45170 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 8.1 HIGH |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, access those functions is restricted via the web application user interface and not checked on the server side. Thus, by sending corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings. | |||||
| CVE-2025-9772 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-9774 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9775 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-3410 | 1 Aias | 1 Aias | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in mymagicpower AIAS 20250308. This vulnerability affects unknown code of the file training_platform/train-platform/src/main/java/top/aias/training/controller/LocalStorageController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9841 | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9843 | 2025-09-04 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||