Total
308575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9582 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-54724 | 2025-08-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1. | |||||
| CVE-2025-54738 | 2025-08-29 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9. | |||||
| CVE-2025-9585 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9591 | 2025-08-29 | 3.3 LOW | 2.4 LOW | ||
| A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54995 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. | |||||
| CVE-2025-53337 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | |||||
| CVE-2025-9649 | 2025-08-29 | 1.7 LOW | 3.3 LOW | ||
| A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3." | |||||
| CVE-2025-48979 | 2025-08-29 | N/A | 3.4 LOW | ||
| An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. | |||||
| CVE-2025-9576 | 2025-08-29 | 1.0 LOW | 2.5 LOW | ||
| A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48364 | 2025-08-29 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through 0.4.2. | |||||
| CVE-2025-9581 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-58335 | 2025-08-29 | N/A | 5.5 MEDIUM | ||
| In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function | |||||
| CVE-2025-9619 | 2025-08-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-31979 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms. | |||||
| CVE-2025-58047 | 2025-08-29 | N/A | 7.5 HIGH | ||
| Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error. | |||||
| CVE-2025-54777 | 2025-08-29 | N/A | 4.3 MEDIUM | ||
| Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disable the Web Connection feature. | |||||
| CVE-2025-54734 | 2025-08-29 | N/A | 5.8 MEDIUM | ||
| Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. | |||||
| CVE-2025-48362 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | |||||
| CVE-2025-54742 | 2025-08-29 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8. | |||||