Total
305855 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52621 | 2025-08-15 | N/A | 5.3 MEDIUM | ||
| HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning. | |||||
| CVE-2025-52620 | 2025-08-15 | N/A | 4.3 MEDIUM | ||
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | |||||
| CVE-2025-52619 | 2025-08-15 | N/A | 5.3 MEDIUM | ||
| HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform. | |||||
| CVE-2025-52618 | 2025-08-15 | N/A | 4.3 MEDIUM | ||
| HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries. | |||||
| CVE-2025-8936 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8935 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8934 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8933 | 1 1000projects | 1 Sales Management System | 2025-08-15 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8920 | 2025-08-15 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-43201 | 2025-08-15 | N/A | N/A | ||
| This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. | |||||
| CVE-2025-8959 | 2025-08-15 | N/A | 7.5 HIGH | ||
| HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9. | |||||
| CVE-2025-8919 | 2025-08-15 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8286 | 2025-08-15 | N/A | N/A | ||
| The affected products expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. | |||||
| CVE-2025-44201 | 2025-08-15 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2023-50234 | 1 Hancom | 1 Office Cell | 2025-08-15 | N/A | 7.8 HIGH |
| Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386. | |||||
| CVE-2025-52327 | 1 Carmelogarcia | 1 Restaurant Order System | 2025-08-15 | N/A | 7.8 HIGH |
| SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file | |||||
| CVE-2024-4267 | 1 Lollms | 1 Lollms-webui | 2025-08-15 | N/A | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the 'open_file' function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection. | |||||
| CVE-2024-43238 | 1 Wedevs | 1 Wemail | 2025-08-15 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. | |||||
| CVE-2024-43958 | 1 Gianni-porto | 1 Intothedark | 2025-08-15 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS.This issue affects IntoTheDark: from n/a through 1.0.5. | |||||
| CVE-2024-4403 | 1 Lollms | 1 Lollms-webui | 2025-08-15 | N/A | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function. | |||||