Total
307414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component. | |||||
| CVE-2025-32947 | 2025-08-20 | N/A | 7.5 HIGH | ||
| This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities. | |||||
| CVE-2024-23942 | 2025-08-20 | N/A | 7.1 HIGH | ||
| A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS. | |||||
| CVE-2025-57748 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57747 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57746 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57745 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57744 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57743 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57742 | 2025-08-20 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2024-28446 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-08-20 | N/A | 5.7 MEDIUM |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi. | |||||
| CVE-2022-40490 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-08-20 | N/A | 4.8 MEDIUM |
| Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file. | |||||
| CVE-2023-40694 | 2 Ibm, Redhat | 2 Watson Cp4d Data Stores, Openshift | 2025-08-20 | N/A | 6.2 MEDIUM |
| IBM Watson CP4D Data Stores 4.0.0 through 4.8.4 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 264838. | |||||
| CVE-2024-32324 | 1 Szlbt | 2 Lbt-t300-t400, Lbt-t300-t400 Firmware | 2025-08-20 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v.3.2 allows a local attacker to execute arbitrary code via the vpn_client_ip variable of the config_vpn_pptp function in rc program. | |||||
| CVE-2025-34076 | 1 Microweber | 1 Microweber | 2025-08-20 | N/A | 7.2 HIGH |
| An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By specifying an absolute file path in the src parameter of the upload request, the server may relocate or delete the target file depending on the web service user’s privileges. The corresponding download endpoint can then be used to retrieve the file contents, effectively enabling local file disclosure. This behavior stems from insufficient validation of user-supplied paths and inadequate restrictions on file access and backup logic. | |||||
| CVE-2025-7061 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6765 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-29570 | 1 Szlbt | 2 Lbt-t300-t400, Lbt-t300-t400 Firmware | 2025-08-20 | N/A | 7.8 HIGH |
| An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. | |||||
| CVE-2024-41787 | 1 Ibm | 1 Doors Next | 2025-08-20 | N/A | 9.8 CRITICAL |
| IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2025-3632 | 1 Ibm | 1 4769 Developers Toolkit | 2025-08-20 | N/A | 7.5 HIGH |
| IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size. | |||||