Total: 3797 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2025-9847 | | | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM | Unrestricted file upload in ScriptAndTools Real Estate Management System 1.0. An unknown function in register.php does not restrict the uimage argument, so arbitrary files can be uploaded. The attack can be launched remotely, and a public exploit is available. |
CVE-2025-20335 | | | 2025-09-04 | N/A | 5.3 MEDIUM | A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. The vulnerability is due to a lack of proper authentication controls: an attacker could exploit it by sending a crafted request to an affected device, and a successful exploit could allow arbitrary file writes to specific directories in the underlying operating system. Note: exploitation requires Web Access to be enabled on the phone; it is disabled by default. |
CVE-2024-39701 | Monospace | Directus | 2025-09-04 | N/A | 6.3 MEDIUM | Directus is a real-time API and App dashboard for managing SQL database content. Directus versions 9.23.0 through 10.5.3 improperly handle the _in and _nin filter operators: an empty array is evaluated as a valid match, so a permission rule such as {"role": {"_in": $CURRENT_USER.some_field}} evaluates to true when some_field is empty and the request is allowed through. This is Broken Access Control, because the rule no longer does what it was intended to do (pass only if **field** matches any of the **values**). Fixed in 10.6.0. |
CVE-2024-36535 | Layer5 | Meshery | 2025-09-03 | N/A | 9.8 CRITICAL | Insecure permissions in Meshery v0.7.51 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. |
CVE-2024-43031 | Autman | Autman | 2025-09-03 | N/A | 4.3 MEDIUM | autMan v2.9.6 was discovered to contain an access control issue. |
CVE-2022-20358 | Google | Android | 2025-09-03 | N/A | 3.3 LOW | In startSync of AbstractThreadedSyncAdapter.java, a missing permission check allows access to protected content of content providers. This could lead to local information disclosure with User execution privileges needed; user interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-203229608. |
CVE-2025-9461 | Diyhi | Bbs | 2025-09-03 | 4.0 MEDIUM | 4.3 MEDIUM | Information disclosure in diyhi bbs up to 6.8. An unknown function in src/main/java/cms/web/action/filePackage/FilePackageManageAction.java (File Compression Handler) mishandles the idGroup argument. The attack can be launched remotely, and a public exploit is available. |
CVE-2025-57219 | Tenda | Ac10, Ac10 Firmware | 2025-09-03 | N/A | 5.3 MEDIUM | Incorrect access control in the /goform/ate endpoint of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request. |
CVE-2025-8344 | Viglet | Shio | 2025-09-03 | 6.5 MEDIUM | 6.3 MEDIUM | Unrestricted file upload in openviglet shio up to 0.3.8, classified as critical. The function shStaticFileUpload in shio-app/src/main/java/com/viglet/shio/api/staticfile/ShStaticFileAPI.java does not restrict the filename argument. The attack can be launched remotely, and a public exploit is available. |
CVE-2025-8795 | Litmuschaos | Litmus | 2025-09-02 | 6.5 MEDIUM | 6.3 MEDIUM | Improper access control in LitmusChaos Litmus up to 3.19.0, classified as critical. An unknown part of /auth/login mishandles the projectID argument. The attack can be initiated remotely, and a public exploit is available. The vendor was contacted early about this disclosure but did not respond. |
CVE-2025-29514 | Dlink | Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 9.8 CRITICAL | Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via a crafted web request. |
CVE-2025-29515 | Dlink | Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 9.8 CRITICAL | Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator's password. |
CVE-2025-29520 | Dlink | Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 5.3 MEDIUM | Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to change the passwords of high-privileged accounts and escalate privileges. |
CVE-2025-9476 | Nelzkie15 | Human Resource Information System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH | Unrestricted file upload in SourceCodester Human Resource Information System 1.0. Unknown functionality in /Superadmin_Dashboard/process/editemployee_process.php does not restrict the employee_file201 argument. The attack can be launched remotely, and a public exploit is available. |
CVE-2025-9475 | Nelzkie15 | Human Resource Information System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH | Unrestricted file upload in SourceCodester Human Resource Information System 1.0. Unknown functionality in /Admin_Dashboard/process/editemployee_process.php does not restrict the employee_file201 argument. The attack can be launched remotely, and a public exploit is available. |
CVE-2025-57758 | Contao | Contao | 2025-09-02 | N/A | 4.3 MEDIUM | Contao is an open source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end does not check whether the user is allowed to access the corresponding module. Patched in 5.3.38 and 5.6.1. As a workaround, do not rely solely on the voter and additionally check USER_CAN_ACCESS_MODULE. |
CVE-2023-40070 | Apple, Intel | Macos, Power Gadget | 2025-09-02 | N/A | 8.8 HIGH | Improper access control in some Intel(R) Power Gadget software for macOS (all versions) may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-9800 | | | 2025-09-02 | 6.5 MEDIUM | 6.3 MEDIUM | Unrestricted file upload in SimStudioAI sim up to commit ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. The function Import in apps/sim/app/api/files/upload/route.ts (HTML File Parser) does not restrict the File argument. The attack can be launched remotely, and a public exploit is available. The project uses rolling releases, so there are no affected or fixed version numbers; the fix is commit 45372aece5e05e04b417442417416a52e90ba174, which should be applied. |
CVE-2024-32483 | Intel | Endpoint Management Assistant | 2025-09-02 | N/A | 8.2 HIGH | Improper access control in some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2024-44271 | Apple | Macos | 2025-09-02 | N/A | 3.3 LOW | The issue was addressed with improved checks and is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator. |
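The Directus entry (CVE-2024-39701) describes a logic bug worth seeing concretely: a permission filter whose `_in` list resolves to an empty array is treated as satisfied instead of unsatisfiable. The evaluator below is an added example written for this page, not Directus code; the rule shape, the `$CURRENT_USER.<field>` variable and the context object are modelled on the CVE text, and the `_nin` behaviour of the fixed version is stated as the logically correct set semantics, not as a description of the 10.6.0 patch.

```javascript
// Added example (not Directus code): a minimal permission-filter evaluator showing how an
// _in / _nin rule collapses into "allow everything" when its value list is empty, and the
// set semantics that close the hole. Rule shape and $CURRENT_USER context are assumptions.

// Resolve a "$CURRENT_USER.<field>" reference against the request context. A missing or
// null field yields an empty list, which is exactly the input that triggers the bug.
function resolveValues(raw, ctx) {
  let v = raw;
  if (typeof raw === 'string' && raw.startsWith('$CURRENT_USER.')) {
    const field = raw.slice('$CURRENT_USER.'.length);
    v = ctx.currentUser ? ctx.currentUser[field] : undefined;
  }
  if (v === undefined || v === null) return [];
  return Array.isArray(v) ? v : [v];
}

// Shared walker: every field in the filter must satisfy every operator attached to it.
function evaluate(filter, row, ctx, applyOp) {
  return Object.entries(filter).every(([field, ops]) =>
    Object.entries(ops).every(([op, raw]) => applyOp(op, resolveValues(raw, ctx), row[field]))
  );
}

// Lenient semantics (the behaviour the CVE describes): an empty list is read as
// "no constraint", so { role: { _in: [] } } is satisfied by every row.
function applyLenient(op, values, actual) {
  if (values.length === 0) return true;
  if (op === '_in') return values.includes(actual);
  if (op === '_nin') return !values.includes(actual);
  throw new Error(`unsupported operator ${op}`);
}

// Strict set semantics: nothing is a member of the empty set, so _in: [] never matches;
// everything lies outside the empty set, so _nin: [] always matches.
function applyStrict(op, values, actual) {
  if (op === '_in') return values.includes(actual);
  if (op === '_nin') return !values.includes(actual);
  throw new Error(`unsupported operator ${op}`);
}

function isAllowedLenient(filter, row, ctx) { return evaluate(filter, row, ctx, applyLenient); }
function isAllowedStrict(filter, row, ctx) { return evaluate(filter, row, ctx, applyStrict); }

// Constructed sample data: a rule that should only expose rows whose role is one of the
// caller's allowed_roles, evaluated for a caller who has no allowed_roles at all.
const rule = { role: { _in: '$CURRENT_USER.allowed_roles' } };
const adminRow = { id: 1, role: 'admin' };
const editorRow = { id: 2, role: 'editor' };
const userWithRoles = { currentUser: { allowed_roles: ['editor'] } };
const userWithoutRoles = { currentUser: {} };

console.log('lenient, caller has no roles, admin row :', isAllowedLenient(rule, adminRow, userWithoutRoles)); // true (the bug)
console.log('strict,  caller has no roles, admin row :', isAllowedStrict(rule, adminRow, userWithoutRoles));  // false
console.log('strict,  caller allows editor, editor row:', isAllowedStrict(rule, editorRow, userWithRoles));   // true
```

The difference is a single short-circuit in `applyLenient`: treating "no values" as "no restriction" turns a deny-by-default rule into allow-all whenever the dynamic variable is unset for the caller, which is the common case for a freshly created or low-privilege account.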
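Five entries in the table are the same bug class, unrestricted file upload driven by a client-controlled argument (register.php's uimage, shio's filename, both HRIS editemployee_process.php handlers' employee_file201, and sim's File). The handler below is an added example written for this page, not code from any of those projects, showing the server-side checks that constrain an upload: the client name is used only to read a claimed extension, the content is sniffed against that claim, and the stored name is chosen by the server. The allowlist, the size limit and the helper names are assumptions for the demonstration.

```javascript
// Added example (not code from any product in the table): validation that turns an
// "unrestricted upload" handler into a constrained one. Allowlist and limit are assumptions.
const crypto = require('crypto');
const path = require('path');

const MAX_BYTES = 2 * 1024 * 1024; // assumed 2 MiB limit

// Allowed types keyed by extension. Each spec carries the leading bytes a real file of that
// type starts with, so the decision is made on content, not on the client-chosen name.
const PNG = { mime: 'image/png', ext: 'png', magic: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]) };
const JPEG = { mime: 'image/jpeg', ext: 'jpg', magic: Buffer.from([0xff, 0xd8, 0xff]) };
const GIF = { mime: 'image/gif', ext: 'gif', magic: Buffer.from('GIF8') };
const ALLOWED = new Map([['png', PNG], ['jpg', JPEG], ['jpeg', JPEG], ['gif', GIF]]);

// Identify the content by its leading bytes; returns the matching spec or null.
function sniffType(bytes) {
  for (const spec of new Set(ALLOWED.values())) {
    if (bytes.length >= spec.magic.length && bytes.subarray(0, spec.magic.length).equals(spec.magic)) {
      return spec;
    }
  }
  return null;
}

// Validate one upload. Returns { ok: true, storedName, contentType } or { ok: false, reason }.
// The client-supplied filename feeds exactly one decision (the claimed extension) and never
// reaches the filesystem.
function validateUpload({ filename, bytes }) {
  if (typeof filename !== 'string' || filename.includes('\0')) return { ok: false, reason: 'invalid filename' };
  if (!Buffer.isBuffer(bytes) || bytes.length === 0) return { ok: false, reason: 'empty body' };
  if (bytes.length > MAX_BYTES) return { ok: false, reason: 'too large' };

  // Drop any directory part ("../../register.php" -> "register.php"), whichever separator the client used.
  const base = path.posix.basename(filename.replace(/\\/g, '/'));
  // Only the final extension counts: "shell.php.png" is judged as "png" and must then carry PNG bytes.
  const ext = path.posix.extname(base).slice(1).toLowerCase();
  const claimed = ALLOWED.get(ext);
  if (!claimed) return { ok: false, reason: `extension not allowed: ${ext || '(none)'}` };

  const actual = sniffType(bytes);
  if (actual !== claimed) return { ok: false, reason: 'content does not match extension' };

  // Random server-chosen name with the canonical extension: no traversal, no double-extension
  // tricks, and nothing attacker-controlled in the path the file is written to.
  const storedName = `${crypto.randomBytes(16).toString('hex')}.${claimed.ext}`;
  return { ok: true, storedName, contentType: claimed.mime };
}

// Constructed sample inputs: a genuine PNG header, and a PHP source body under image names.
const pngBody = Buffer.concat([PNG.magic, Buffer.alloc(64)]);
const phpBody = Buffer.from('<?php echo "not an image"; ?>');

console.log(validateUpload({ filename: '../../uimage.png', bytes: pngBody }));   // ok, random .png name
console.log(validateUpload({ filename: 'shell.php', bytes: phpBody }));          // extension not allowed
console.log(validateUpload({ filename: 'avatar.png', bytes: phpBody }));         // content does not match extension
```

Two of the checks matter most against the pattern in these CVEs: the random stored name removes the client's control over where and under what name the file lands, and the magic-byte comparison means a script body cannot be smuggled in under an allowed extension. Serving uploads from a location that the application server will not execute, and with the server-determined `contentType`, closes the remaining gap.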