Total
32272 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52509 | 1 Nextcloud | 1 Mail | 2025-09-04 | N/A | 3.5 LOW |
| Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2. | |||||
| CVE-2024-34739 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-21342 | 1 Google | 1 Android | 2025-09-04 | N/A | 7.8 HIGH |
| In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-9774 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-2443 | 1 Github | 1 Enterprise Server | 2025-09-04 | N/A | 9.1 CRITICAL |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-2469 | 1 Github | 1 Enterprise Server | 2025-09-04 | N/A | 8.0 HIGH |
| An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2024-32467 | 1 Metersphere | 1 Metersphere | 2025-09-04 | N/A | 5.7 MEDIUM |
| MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue. | |||||
| CVE-2024-28255 | 1 Open-metadata | 1 Openmetadata | 2025-09-04 | N/A | 9.8 CRITICAL |
| OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`. | |||||
| CVE-2024-47255 | 1 2n | 1 Access Commander | 2025-09-04 | N/A | 4.7 MEDIUM |
| In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions. | |||||
| CVE-2024-47254 | 1 2n | 1 Access Commander | 2025-09-04 | N/A | 6.3 MEDIUM |
| In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system. | |||||
| CVE-2024-34537 | 1 Typo3 | 1 Typo3 | 2025-09-03 | N/A | 4.9 MEDIUM |
| TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1. | |||||
| CVE-2025-9461 | 1 Diyhi | 1 Bbs | 2025-09-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-3831 | 1 Checkpoint | 1 Harmony Sase | 2025-09-03 | N/A | 8.1 HIGH |
| Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. | |||||
| CVE-2025-33051 | 1 Microsoft | 1 Exchange Server | 2025-09-03 | N/A | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-46762 | 1 Apache | 1 Parquet | 2025-09-02 | N/A | 8.1 HIGH |
| Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be executed. The exploit is only applicable if the client code of parquet-avro uses the "specific" or the "reflect" models deliberately for reading Parquet files. ("generic" model is not impacted) Users are recommended to upgrade to 1.15.2 or set the system property "org.apache.parquet.avro.SERIALIZABLE_PACKAGES" to an empty string on 1.15.1. Both are sufficient to fix the issue. | |||||
| CVE-2025-3735 | 1 Panelizer \(obsolete\) Project | 1 Panelizer \(obsolete\) | 2025-09-02 | N/A | 5.9 MEDIUM |
| Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*. | |||||
| CVE-2025-3736 | 1 Simple Gtm Project | 1 Simple Gtm | 2025-09-02 | N/A | 5.9 MEDIUM |
| Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*. | |||||
| CVE-2025-3737 | 1 Google Maps\ | 1 Store Locator Project | 2025-09-02 | N/A | 5.9 MEDIUM |
| Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*. | |||||
| CVE-2025-3738 | 1 Google Optimize Project | 1 Google Optimize | 2025-09-02 | N/A | 5.9 MEDIUM |
| Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*. | |||||
| CVE-2025-3903 | 1 Ueditor Project | 1 Ueditor | 2025-09-02 | N/A | 7.3 HIGH |
| Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*. | |||||