Total: 307142 CVEs
CVE | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---
CVE-2025-9297 | 2025-08-22 | 9.0 HIGH | 8.8 HIGH | A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Manipulation of the argument Type results in a stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
CVE-2025-55383 | 2025-08-22 | N/A | 8.6 HIGH | Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server.
CVE-2025-8309 | 2025-08-22 | N/A | 8.1 HIGH | There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.
CVE-2025-9235 | 2025-08-22 | 4.0 MEDIUM | 3.5 LOW | A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. Manipulation of the argument Name causes cross-site scripting. The attack can be carried out remotely. The exploit has been published and may be used.
CVE-2011-10023 | 2025-08-22 | N/A | N/A | MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.
CVE-2025-9239 | 2025-08-22 | 2.6 LOW | 3.7 LOW | A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult.
CVE-2025-9287 | 2025-08-22 | N/A | N/A | Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation. This issue affects cipher-base: through 1.0.4.
CVE-2025-28041 | 2025-08-22 | N/A | 8.6 HIGH | Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication.
CVE-2025-9264 | 2025-08-22 | 5.5 MEDIUM | 5.4 MEDIUM | A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation is possible. The exploit has been made public and could be used.
CVE-2024-57157 | 2025-08-22 | N/A | 9.8 CRITICAL | Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token.
CVE-2025-8415 | 2025-08-22 | N/A | 5.9 MEDIUM | A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment.
CVE-2025-51991 | 2025-08-22 | N/A | 8.8 HIGH | XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section. An authenticated administrator can inject crafted Apache Velocity template code, which is rendered on the server side without proper validation or sandboxing. This enables the execution of arbitrary template logic, which may expose internal server information or, in specific configurations, lead to further exploitation such as remote code execution or sensitive data leakage. The vulnerability resides in improper handling of dynamic template rendering within user-supplied configuration fields.
CVE-2025-50902 | 2025-08-22 | N/A | 8.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) through 1.0.0 allows attackers to gain sensitive information via a crafted HTTP POST message.
CVE-2024-50640 | 2025-08-22 | N/A | 9.8 CRITICAL | jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function.
CVE-2025-9288 | 2025-08-22 | N/A | N/A | Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js: through 2.4.11.
CVE-2025-55444 | 2025-08-22 | N/A | 9.8 CRITICAL | A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution.
CVE-2025-55564 | 2025-08-22 | N/A | 7.5 HIGH | Tenda AC15 v15.03.05.19_multi_TD01 has a stack overflow via the list parameter in the fromSetIpMacBind function.
CVE-2025-27217 | 2025-08-22 | N/A | 9.1 CRITICAL | A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of the UISP Application scope.
CVE-2025-49810 | 2025-08-22 | N/A | 3.5 LOW | Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access, which allows a user to read a thread via AI posts.
CVE-2025-55368 | 2025-08-22 | N/A | 8.8 HIGH | Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
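A feed like this is only useful once it is ranked. The following is an added example, not code from the feed site or from any of the listed projects: it parses rows in the flattened shape the page uses (a CVE/date/score row followed by its description line, or the description in a fifth cell of the same row), extracts the CVSS v2/v3 values, flags entries whose text states that the exploit is public, and orders them for triage. The sample feed embedded in the block is constructed from a few of this page's own rows (some descriptions abridged); the 7.0 score threshold and the regex for "exploit is public" wording are assumptions chosen for the example.

```python
"""Parse a flattened CVE feed table and rank its entries for triage.

Added example; not the feed site's code. SAMPLE_FEED is a constructed
sample built from rows on this page, some descriptions abridged.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: ID/date/score row, then its description row.
SAMPLE_FEED = """\
CVE-2025-9297 | 2025-08-22 | 9.0 HIGH | 8.8 HIGH | ||
A vulnerability was detected in Tenda i22 1.0.0.3(4687). This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. The exploit is now public and may be used. | |||||
CVE-2025-55383 | 2025-08-22 | N/A | 8.6 HIGH | ||
Moss before v0.15 has a file upload vulnerability. | |||||
CVE-2025-9235 | 2025-08-22 | 4.0 MEDIUM | 3.5 LOW | ||
A flaw has been found in Scada-LTS up to 2.7.8.1. The exploit has been published and may be used. | |||||
CVE-2024-57157 | 2025-08-22 | N/A | 9.8 CRITICAL | ||
Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token. | |||||
CVE-2011-10023 | 2025-08-22 | N/A | N/A | ||
MJM QuickPlayer version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. | |||||
"""

# "9.0 HIGH" -> 9.0; anything else (N/A, blank) -> None.
SCORE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s+(?:NONE|LOW|MEDIUM|HIGH|CRITICAL)$")

# Assumed wording of "exploit is public" as it appears in this feed's text.
EXPLOIT_RE = re.compile(
    r"exploit (?:is now public|has been (?:published|made public))", re.IGNORECASE
)


@dataclass
class CveRecord:
    cve_id: str
    updated: str
    cvss_v2: Optional[float]
    cvss_v3: Optional[float]
    description: str

    @property
    def exploit_public(self) -> bool:
        return bool(EXPLOIT_RE.search(self.description))

    @property
    def score(self) -> float:
        """Best available score: prefer v3, fall back to v2, else 0.0."""
        if self.cvss_v3 is not None:
            return self.cvss_v3
        if self.cvss_v2 is not None:
            return self.cvss_v2
        return 0.0


def parse_score(cell: str) -> Optional[float]:
    m = SCORE_RE.match(cell.strip())
    return float(m.group(1)) if m else None


def parse_feed(text: str) -> list[CveRecord]:
    """Accept both the two-line layout and a one-row-per-CVE layout."""
    records: list[CveRecord] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):
            continue  # blank line or markdown separator row
        if line.startswith("CVE-"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) < 4:
                raise ValueError(f"malformed row: {raw!r}")
            desc = " ".join(c for c in cells[4:] if c)  # present in one-row layout
            records.append(
                CveRecord(cells[0], cells[1], parse_score(cells[2]),
                          parse_score(cells[3]), desc)
            )
        elif records and not records[-1].description:
            # Two-line layout: description row with trailing empty cells.
            records[-1].description = line.strip("| ").strip()
    return records


def triage(records: list[CveRecord], min_score: float = 7.0) -> list[CveRecord]:
    """Keep entries scoring >= min_score or with a public exploit;
    public-exploit entries first, then descending score."""
    hot = [r for r in records if r.score >= min_score or r.exploit_public]
    return sorted(hot, key=lambda r: (r.exploit_public, r.score), reverse=True)


if __name__ == "__main__":
    for r in triage(parse_feed(SAMPLE_FEED)):
        flag = "EXPLOIT-PUBLIC" if r.exploit_public else ""
        print(f"{r.cve_id:<16} {r.score:>4.1f} {flag:<14} {r.description[:60]}")
```

Entries with no CVSS value at all (such as the 2011 MJM entry above) score 0.0 and drop out of the triage list unless their text says the exploit is public; when feeding a live copy of the page, check that the exploit wording has not changed before trusting that flag.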