Total: 3015 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2014-9197 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2025-09-05 | 10.0 HIGH | N/A | The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. |
CVE-2025-26424 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM | In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
CVE-2025-54914 | | | 2025-09-05 | N/A | 10.0 CRITICAL | Azure Networking Elevation of Privilege Vulnerability |
CVE-2025-55244 | | | 2025-09-05 | N/A | 9.0 CRITICAL | Azure Bot Service Elevation of Privilege Vulnerability |
CVE-2025-21031 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 6.8 MEDIUM | Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. |
CVE-2025-36909 | 1 Google | 1 Android | 2025-09-05 | N/A | 5.3 MEDIUM | Information disclosure |
CVE-2024-52509 | 1 Nextcloud | 1 Mail | 2025-09-04 | N/A | 3.5 LOW | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud Mail app incorrectly allowed shared files without download permissions to be attached to messages. This allowed users to send the files to themselves and then download them from their mail clients. It is recommended that Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2. |
CVE-2025-9941 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM | A flaw has been found in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /register.php. Manipulation of the argument uimage can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. |
CVE-2025-9942 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /submitproperty.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
CVE-2025-9795 | 1 Tianti Project | 1 Tianti | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2024-45170 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 8.1 HIGH | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found that several functions are intended only for administrative users. However, access to those functions is restricted only by the web application user interface and is not checked on the server side. Thus, by sending the corresponding HTTP requests to the web server of the C-MOR web interface, low privileged users can also use administrative functionality, for instance downloading backup files or changing configuration settings. |
CVE-2025-9772 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 7.5 HIGH | 7.3 HIGH | A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
CVE-2025-9774 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
CVE-2025-9775 | 1 Remoteclinic | 1 Remote Clinic | 2025-09-04 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used. |
CVE-2025-3410 | 1 Aias | 1 Aias | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability classified as critical was found in mymagicpower AIAS 20250308. This vulnerability affects unknown code of the file training_platform/train-platform/src/main/java/top/aias/training/controller/LocalStorageController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
CVE-2025-9842 | | | 2025-09-04 | 5.0 MEDIUM | 5.3 MEDIUM | A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. The attack may be performed remotely. The exploit is now public and may be used. |
CVE-2025-9843 | | | 2025-09-04 | 5.0 MEDIUM | 5.3 MEDIUM | A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used. |
CVE-2025-20335 | | | 2025-09-04 | N/A | 5.3 MEDIUM | A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default. |
CVE-2024-39701 | 1 Monospace | 1 Directus | 2025-09-04 | N/A | 6.3 MEDIUM | Directus is a real-time API and App dashboard for managing SQL database content. Directus >=9.23.0, <=v10.5.3 improperly handles the _in and _nin operators. It evaluates empty arrays as valid, so expressions like {"role": {"_in": $CURRENT_USER.some_field}} would evaluate to true, allowing the request to pass. This results in Broken Access Control because the rule fails to do what it was intended to do: pass the rule if **field** matches any of the **values**. This vulnerability is fixed in 10.6.0. |
CVE-2024-36535 | 1 Layer5 | 1 Meshery | 2025-09-03 | N/A | 9.8 CRITICAL | Insecure permissions in meshery v0.7.51 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token. |