Total
309422 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-51084 | 1 Hyavijava | 1 Hyavijava | 2025-08-26 | N/A | 9.8 CRITICAL |
hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | |||||
CVE-2025-48948 | 1 Navidrome | 1 Navidrome | 2025-08-26 | N/A | 6.5 MEDIUM |
Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue. | |||||
CVE-2025-57105 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The issue is in the sub_478D28 function in mng_platform.asp and the sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, via the parameter ac_mng_srv_host. | |||||
CVE-2025-55611 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-08-26 | N/A | 7.5 HIGH |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter. | |||||
CVE-2025-55606 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-08-26 | N/A | 7.5 HIGH |
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter. | |||||
CVE-2025-55605 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-08-26 | N/A | 7.5 HIGH |
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter. | |||||
CVE-2025-55603 | 1 Tenda | 2 Ax3, Ax3 Firmware | 2025-08-26 | N/A | 7.5 HIGH |
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter. | |||||
CVE-2025-55602 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-08-26 | N/A | 7.5 HIGH |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter. | |||||
CVE-2025-55599 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2025-08-26 | N/A | 7.5 HIGH |
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey. | |||||
CVE-2025-55575 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail. | |||||
CVE-2025-55398 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed. | |||||
CVE-2025-52095 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll. | |||||
CVE-2025-52094 | | | 2025-08-26 | N/A | 7.8 HIGH |
Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbitrary code via the \HKLM\SYSTEM\Setup\SmartDeploy component. | |||||
CVE-2025-51092 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn() and signUp() build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareData() function exists, it is insufficient to prevent SQL injection and does not sanitize the table name. | |||||
CVE-2025-50900 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle. The filter code uses CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determines whether the path endsWith /error. If so, it executes return true to skip this Interceptor; otherwise, it redirects to the /user/login API. This allows unauthenticated attackers to gain sensitive information or escalated privileges. | |||||
CVE-2025-50859 | | | 2025-08-26 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter. | |||||
CVE-2025-50858 | | | 2025-08-26 | N/A | 6.1 MEDIUM |
Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter. | |||||
CVE-2025-50733 | | | 2025-08-26 | N/A | 6.1 MEDIUM |
NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is rendered in an iframe with 'allow-scripts' sandbox permission without proper sanitization. This can be exploited through specifically crafted prompts that cause the AI to generate malicious HTML/JavaScript code. When a user views the HTML preview, the injected JavaScript executes in the user's browser context, potentially allowing attackers to exfiltrate sensitive information (including API keys stored in localStorage), perform actions on behalf of the user, and steal session data. | |||||
CVE-2025-29366 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
In mupen64plus v2.6.0 there is an array overflow vulnerability in the write_rdram_regs and write_rdram_regs functions, which enables executing arbitrary commands on the host machine. | |||||
CVE-2024-53494 | | | 2025-08-26 | N/A | 7.5 HIGH |
Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication. |