Total
309444 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58035 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-24469 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-24468 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-22864 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-22863 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-22861 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-22860 | 2025-08-23 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-8193 | 2025-08-22 | N/A | N/A | ||
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2014-0758 | 1 Iconics | 1 Genesis32 | 2025-08-22 | 9.3 HIGH | N/A |
| An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. | |||||
| CVE-2014-0757 | 1 3s-software | 1 Codesys Runtime Toolkit | 2025-08-22 | 7.1 HIGH | N/A |
| Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. | |||||
| CVE-2014-0752 | 1 Ecava | 1 Integraxor | 2025-08-22 | 7.5 HIGH | N/A |
| The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL. | |||||
| CVE-2014-0751 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2025-08-22 | 6.8 MEDIUM | N/A |
| The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code. | |||||
| CVE-2014-0750 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2025-08-22 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. | |||||
| CVE-2025-55742 | 1 Webkul | 1 Unopim | 2025-08-22 | N/A | 8.0 HIGH |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1. | |||||
| CVE-2025-55743 | 1 Webkul | 1 Unopim | 2025-08-22 | N/A | 8.8 HIGH |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy like Burp suite. Make changes to the file extension and content. The vulnerability is fixed in 0.2.1. | |||||
| CVE-2025-55744 | 1 Webkul | 1 Unopim | 2025-08-22 | N/A | 4.3 MEDIUM |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1. | |||||
| CVE-2025-57764 | 1 Wegia | 1 Wegia | 2025-08-22 | N/A | 6.5 MEDIUM |
| WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.4.7. | |||||
| CVE-2025-57765 | 1 Wegia | 1 Wegia | 2025-08-22 | N/A | 6.5 MEDIUM |
| WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the pre_cadastro_adotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.4.7. | |||||
| CVE-2025-47054 | 1 Adobe | 1 Experience Manager | 2025-08-22 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | |||||
| CVE-2025-8611 | 1 Aomeitech | 1 Cyber Backup | 2025-08-22 | N/A | 9.8 CRITICAL |
| AOMEI Cyber Backup Missing Authentication for Critical Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of AOMEI Cyber Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DaoService service, which listens on TCP port 9074 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-26158. | |||||