Total
312932 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21438 | 1 Qualcomm | 86 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 83 more | 2025-10-03 | N/A | 7.8 HIGH |
| Memory corruption while IOCTL call is invoked from user-space to read board data. | |||||
| CVE-2025-11049 | 1 Portabilis | 1 I-educar | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-10954 | 1 Textit | 1 Phonenumbers | 2025-10-03 | N/A | 5.3 MEDIUM |
| Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". | |||||
| CVE-2025-11050 | 1 Portabilis | 1 I-educar | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2025-11053 | 1 Phpgurukul | 1 Small Crm | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-8014 | 1 Gitlab | 1 Gitlab | 2025-10-03 | N/A | 7.5 HIGH |
| Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption. | |||||
| CVE-2025-11139 | 1 Zhiyou-group | 1 Zhiyou Erp | 2025-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11140 | 1 Zhiyou-group | 1 Zhiyou Erp | 2025-10-03 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-61593 | 2025-10-03 | N/A | 7.1 HIGH | ||
| Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e. */.cursor/cli.json) allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive filesystems. This issue is fixed in a commit, 25b418f, but has yet to be released as of October 3, 2025. | |||||
| CVE-2025-61592 | 2025-10-03 | N/A | 8.8 HIGH | ||
| Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version. | |||||
| CVE-2025-59489 | 2025-10-03 | N/A | 7.4 HIGH | ||
| Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications. | |||||
| CVE-2025-52653 | 2025-10-03 | N/A | 7.6 HIGH | ||
| HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access. | |||||
| CVE-2025-46817 | 2025-10-03 | N/A | 7.0 HIGH | ||
| Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. | |||||
| CVE-2025-44007 | 2025-10-03 | N/A | N/A | ||
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-44006 | 2025-10-03 | N/A | N/A | ||
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-33040 | 2025-10-03 | N/A | N/A | ||
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-33039 | 2025-10-03 | N/A | N/A | ||
| An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2025-33034 | 2025-10-03 | N/A | N/A | ||
| A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.1 ( 2025/07/09 ) and later | |||||
| CVE-2024-56804 | 2025-10-03 | N/A | N/A | ||
| An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later | |||||
| CVE-2014-2358 | 1 Fox-it | 1 Fox Datadiode | 2025-10-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. | |||||