Total
308971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28988 | 2025-09-02 | N/A | 9.8 CRITICAL | ||
| SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing this report. The ZDI team was able to discover an unauthenticated attack during their research. We recommend all Web Help Desk customers apply the patch, which is now available. We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities. | |||||
| CVE-2022-38692 | 2025-09-02 | N/A | 9.8 CRITICAL | ||
| In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges. | |||||
| CVE-2010-10017 | 2025-09-02 | N/A | N/A | ||
| WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records and execute arbitrary code. Exploitation occurs locally when a user opens the malicious file, and the payload executes with the privileges of the current user. | |||||
| CVE-2025-9688 | 2025-09-02 | 5.1 MEDIUM | 5.0 MEDIUM | ||
| A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2025-9568 | 2025-09-02 | N/A | 6.1 MEDIUM | ||
| The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | |||||
| CVE-2025-9573 | 2025-09-02 | N/A | N/A | ||
| The ns_backup extension through 13.0.2 for TYPO3 allows command injection. | |||||
| CVE-2024-12924 | 2025-09-02 | N/A | 6.3 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.This issue affects QR Menü: from s1.05.05 before v1.05.12. | |||||
| CVE-2025-41030 | 2025-09-02 | N/A | N/A | ||
| Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter. | |||||
| CVE-2025-41031 | 2025-09-02 | N/A | N/A | ||
| Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage’. | |||||
| CVE-2022-38694 | 2025-09-02 | N/A | 7.8 HIGH | ||
| In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||
| CVE-2022-38693 | 2025-09-02 | N/A | 9.8 CRITICAL | ||
| In FDL1, there is a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges. | |||||
| CVE-2025-2413 | 2025-09-02 | N/A | 8.6 HIGH | ||
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08. | |||||
| CVE-2025-41690 | 2025-09-02 | N/A | 7.4 HIGH | ||
| A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters. | |||||
| CVE-2025-52551 | 2025-09-02 | N/A | N/A | ||
| E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system. | |||||
| CVE-2025-36133 | 2025-09-02 | N/A | 5.9 MEDIUM | ||
| IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container. | |||||
| CVE-2009-20008 | 2025-09-02 | N/A | N/A | ||
| Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution. | |||||
| CVE-2025-52545 | 2025-09-02 | N/A | N/A | ||
| E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services. | |||||
| CVE-2005-10004 | 2025-09-02 | N/A | N/A | ||
| Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity. | |||||
| CVE-2024-12972 | 2025-09-02 | N/A | 4.3 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS).This issue affects OctoCloud: from s1.09.01 before v1.11.01. | |||||
| CVE-2022-38695 | 2025-09-02 | N/A | 7.8 HIGH | ||
| In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||