Total
5186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10591 | 1 Portabilis | 1 I-educar | 2025-09-18 | 4.0 MEDIUM | 3.5 LOW |
| A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função Page. This manipulation of the argument abreviatura/tipoacao causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-10605 | 1 Portabilis | 1 I-educar | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /agenda_preferencias.php. The manipulation of the argument tipoacao results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10606 | 1 Portabilis | 1 I-educar | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/Configuracao/ConfiguracaoMovimentoGeral. This manipulation of the argument tipoacao causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-10411 | 1 Emiloi | 1 E-logbook With Health Monitoring System For Covid-19 | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-10566 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2024-23755 | 3 Apple, Clickup, Microsoft | 3 Macos, Clickup, Windows | 2025-09-18 | N/A | 8.8 HIGH |
| ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. | |||||
| CVE-2024-28386 | 1 Home-made | 1 Fastmag Sync | 2025-09-18 | N/A | 9.8 CRITICAL |
| An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component. | |||||
| CVE-2022-46070 | 1 Geovision | 1 Gv-asmanager | 2025-09-18 | N/A | 7.5 HIGH |
| GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. | |||||
| CVE-2025-23312 | 1 Nvidia | 1 Nemo | 2025-09-18 | N/A | 7.8 HIGH |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-23313 | 1 Nvidia | 1 Nemo | 2025-09-18 | N/A | 7.8 HIGH |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-23314 | 1 Nvidia | 1 Nemo | 2025-09-18 | N/A | 7.8 HIGH |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-23315 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-09-18 | N/A | 7.8 HIGH |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-9656 | 1 Phpgurukul | 1 Directory Management System | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in PHPGurukul Directory Management System 2.0. This vulnerability affects unknown code of the file /admin/add-directory.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-35036 | 1 Redhat | 1 Hibernate Validator | 2025-09-18 | N/A | 7.3 HIGH |
| Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language intepolation of user-supplied data. | |||||
| CVE-2025-10642 | 2025-09-18 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability has been found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | |||||
| CVE-2025-58766 | 2025-09-18 | N/A | 9.0 CRITICAL | ||
| Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker container protections. An attacker can craft web content that automatically executes when the preview loads. The malicious content can break out of the application's security boundaries and gain control of the system. This has been fixed in Dyad v0.20.0 and later. | |||||
| CVE-2024-25713 | 2 Fedoraproject, Ibireme | 2 Fedora, Yyjson | 2025-09-17 | N/A | 8.6 HIGH |
| yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.) | |||||
| CVE-2025-55727 | 1 Xwiki | 1 Pro Macros | 2025-09-17 | N/A | 10.0 CRITICAL |
| XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for any user who can edit any page or who can access the CKEditor converter. The width parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution when the macro has been installed by a user with programming right, or it at least allows executing Velocity code as the wiki admin. Version 1.26.5 contains a patch for the issue. | |||||
| CVE-2025-55728 | 1 Xwiki | 1 Pro Macros | 2025-09-17 | N/A | 10.0 CRITICAL |
| XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue. | |||||
| CVE-2025-2945 | 1 Pgadmin | 1 Pgadmin 4 | 2025-09-17 | N/A | 9.9 CRITICAL |
| Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2. | |||||