Total
302894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49535 | 1 Adobe | 1 Coldfusion | 2025-07-11 | N/A | 9.3 CRITICAL |
| ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service by bypassing security measures. Exploitation of this issue does not require user interaction and scope is changed. The vulnerable component is restricted to internal IP addresses. | |||||
| CVE-2025-27690 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | 9.8 CRITICAL |
| Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account. | |||||
| CVE-2025-27207 | 1 Adobe | 1 Commerce B2b | 2025-07-11 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-29662 | 1 Landchat | 1 Landchat | 2025-07-11 | N/A | 9.8 CRITICAL |
| A RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. | |||||
| CVE-2025-6904 | 1 Anisha | 1 Car Rental System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6903 | 1 Anisha | 1 Car Rental System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-53924 | 1 Dgorissen | 1 Pycel | 2025-07-11 | N/A | 9.8 CRITICAL |
| Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | |||||
| CVE-2025-7211 | 1 Anisha | 1 Lifestyle Store | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26269 | 1 Dragonflydb | 1 Dragonfly | 2025-07-11 | N/A | 3.3 LOW |
| DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. | |||||
| CVE-2023-49031 | 1 Oneadvanced | 1 Tikit Emarketing | 2025-07-11 | N/A | 5.1 MEDIUM |
| Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint. | |||||
| CVE-2025-25179 | 1 Imaginationtech | 1 Ddk | 2025-07-11 | N/A | 7.8 HIGH |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | |||||
| CVE-2025-7220 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0467 | 1 Imaginationtech | 1 Ddk | 2025-07-11 | N/A | 8.2 HIGH |
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2025-7219 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7218 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-38291 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 8.8 HIGH |
| In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. | |||||
| CVE-2025-7217 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_position. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-38290 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 5.3 MEDIUM |
| In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. | |||||
| CVE-2024-38292 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 9.8 CRITICAL |
| In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. | |||||
| CVE-2025-6826 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||