Total
309418 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-58049 | 1 Xwiki | 1 Xwiki | 2025-09-02 | N/A | 5.8 MEDIUM |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1. | |||||
CVE-2025-9597 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Manipulation of the argument uid leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
CVE-2025-47824 | | | 2025-09-02 | N/A | 2.0 LOW |
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code. | |||||
CVE-2025-47823 | | | 2025-09-02 | N/A | 2.2 LOW |
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system. | |||||
CVE-2025-47822 | | | 2025-09-02 | N/A | 6.4 MEDIUM |
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control. | |||||
CVE-2025-47821 | | | 2025-09-02 | N/A | 2.2 LOW |
Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system. | |||||
CVE-2025-47820 | | | 2025-09-02 | N/A | 2.0 LOW |
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code. | |||||
CVE-2025-47819 | | | 2025-09-02 | N/A | 6.4 MEDIUM |
Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control. | |||||
CVE-2025-47818 | | | 2025-09-02 | N/A | 2.2 LOW |
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection. | |||||
CVE-2024-42987 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2025-09-02 | N/A | 7.5 HIGH |
Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all of which are passed via HTTP POST and used in unsafe sprintf calls without proper length validation. A remote attacker can exploit this flaw through a crafted POST request, which may cause a Denial of Service (DoS). In certain scenarios, this issue could potentially be leveraged to achieve remote code execution. | |||||
CVE-2025-32468 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-35984 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-46407 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-50129 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-52456 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-52930 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-53085 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-53510 | 1 Sail | 1 Sail | 2025-09-02 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. | |||||
CVE-2025-9598 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Manipulation of the argument txtXYear results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
CVE-2025-9599 | 1 Admerc | 1 Apartment Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Manipulation of the argument txtMonthName can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. |