Total
308424 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-9581 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
CVE-2025-58335 | 2025-08-29 | N/A | 5.5 MEDIUM | ||
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50, information disclosure was possible via the search_project function. | |||||
CVE-2025-9619 | 2025-08-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-31979 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms. | |||||
CVE-2025-58047 | 2025-08-29 | N/A | 7.5 HIGH | ||
Volto is a React-based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, configure your setup to automatically restart processes that quit with an error. | |||||
CVE-2025-54777 | 2025-08-29 | N/A | 4.3 MEDIUM | ||
An uncaught exception issue exists in multiple products in the bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature. | |||||
CVE-2025-54734 | 2025-08-29 | N/A | 5.8 MEDIUM | ||
Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30. | |||||
CVE-2025-48362 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Saeed Sattar Beglou Hesabfa Accounting allows Cross Site Request Forgery. This issue affects Hesabfa Accounting: from n/a through 2.2.4. | |||||
CVE-2025-54742 | 2025-08-29 | N/A | 8.8 HIGH | ||
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.4.8. | |||||
CVE-2025-39247 | 2025-08-29 | N/A | 8.6 HIGH | ||
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. | |||||
CVE-2025-39245 | 2025-08-29 | N/A | 4.7 MEDIUM | ||
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data. | |||||
CVE-2025-53224 | 2025-08-29 | N/A | 7.1 HIGH | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Koen Schuit NextGEN Gallery Search allows Reflected XSS. This issue affects NextGEN Gallery Search: from n/a through 2.12. | |||||
CVE-2025-53588 | 2025-08-29 | N/A | 7.7 HIGH | ||
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") UPC/EAN/GTIN Code Generator allows Path Traversal. This issue affects UPC/EAN/GTIN Code Generator: from n/a through 2.0.2. | |||||
CVE-2025-9577 | 2025-08-29 | 1.0 LOW | 2.5 LOW | ||
A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. | |||||
CVE-2024-48908 | 2025-08-29 | N/A | N/A | ||
lychee link checking action checks links in Markdown, HTML, and text files using lychee. Prior to version 2.0.2, there is a potential arbitrary code injection vulnerability in lychee-setup of the composite action at action.yml. This issue has been patched in version 2.0.2. | |||||
CVE-2025-7383 | 2025-08-29 | N/A | N/A | ||
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. | |||||
CVE-2025-9656 | 2025-08-29 | 5.0 MEDIUM | 4.3 MEDIUM | ||
A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
CVE-2025-51972 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter. | |||||
CVE-2025-48363 | 2025-08-29 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Metin Saraç Popup for CF7 with Sweet Alert allows Cross Site Request Forgery. This issue affects Popup for CF7 with Sweet Alert: from n/a through 1.6.5. | |||||
CVE-2025-9650 | 2025-08-29 | 5.5 MEDIUM | 5.4 MEDIUM | ||
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery. |