Total: 313285 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-21435 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Csr8811 and 295 more | 2025-10-06 | N/A | 7.5 HIGH |
Transient DOS may occur while parsing extended IE in beacon. | |||||
CVE-2025-21434 | 1 Qualcomm | 244 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 241 more | 2025-10-06 | N/A | 7.5 HIGH |
Transient DOS may occur while parsing EHT operation IE or EHT capability IE. | |||||
CVE-2025-21430 | 1 Qualcomm | 450 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq8017 and 447 more | 2025-10-06 | N/A | 7.5 HIGH |
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. | |||||
CVE-2025-21429 | 1 Qualcomm | 364 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 361 more | 2025-10-06 | N/A | 7.5 HIGH |
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. | |||||
CVE-2025-21428 | 1 Qualcomm | 138 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 135 more | 2025-10-06 | N/A | 7.5 HIGH |
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session. | |||||
CVE-2025-40668 | 1 Tcman | 1 Gim | 2025-10-06 | N/A | 6.5 MEDIUM |
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty. | |||||
CVE-2025-40669 | 1 Tcman | 1 Gim | 2025-10-06 | N/A | 6.5 MEDIUM |
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself, by sending a POST request to /PC/Options.aspx?Command=2&Page=-1. | |||||
CVE-2025-40670 | 1 Tcman | 1 Gim | 2025-10-06 | N/A | 8.8 HIGH |
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser. | |||||
CVE-2025-49146 | 1 Postgresql | 1 Postgresql Jdbc Driver | 2025-10-06 | N/A | 8.2 HIGH |
pgjdbc is an open source PostgreSQL JDBC driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7. | |||||
CVE-2025-9710 | | | 2025-10-06 | N/A | 6.3 MEDIUM |
The Responsive Lightbox & Gallery WordPress plugin before 2.5.3 does not properly handle HTML tag attributes modifications, potentially allowing unauthenticated attackers to abuse the functionality to include event handlers and conduct Stored XSS attacks. | |||||
CVE-2025-9703 | | | 2025-10-06 | N/A | 4.3 MEDIUM |
The Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) WordPress plugin before 2.5.0 does not sanitize SVG file contents when uploaded through the xmlrpc.php endpoint using base64 encoding, leading to a Cross-Site Scripting vulnerability. | |||||
CVE-2025-61985 | | | 2025-10-06 | N/A | 3.6 LOW |
ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | |||||
CVE-2025-60967 | | | 2025-10-06 | N/A | 7.3 HIGH |
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
CVE-2025-59951 | | | 2025-10-06 | N/A | N/A |
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's IP when using the req.ip method. This results in isLocalhost always returning True. Consequently, the /ssh/db/host/internal endpoint can be accessed directly without login or authentication. This endpoint records the system's stored SSH host information, including addresses, usernames, and passwords, posing an extremely high security risk. Users who use the official Termix docker image, build their own image using the official dockerfile, or utilize reverse proxy functionality will be affected by this vulnerability. This issue is fixed in version 1.6.0. | |||||
CVE-2025-54086 | | | 2025-10-06 | N/A | N/A |
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability. | |||||
CVE-2025-28129 | | | 2025-10-06 | N/A | 5.4 MEDIUM |
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking. | |||||
CVE-2025-11345 | | | 2025-10-06 | 6.5 MEDIUM | 5.5 MEDIUM |
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised. | |||||
CVE-2025-11343 | | | 2025-10-06 | 7.5 HIGH | 7.3 HIGH |
A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. | |||||
CVE-2025-49154 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2025-10-06 | N/A | 8.7 HIGH |
An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2025-9149 | 1 Wavlink | 2 Wl-nu516u1, Wl-nu516u1 Firmware | 2025-10-06 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. |