Total
309449 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24021 | 1 Combodo | 1 Itop | 2025-08-22 | N/A | 5.0 MEDIUM |
| iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue. | |||||
| CVE-2025-9306 | 1 Donbermoy | 1 Advanced School Management System | 2025-08-22 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9307 | 1 Phpgurukul | 1 Online Course Registration | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-57761 | 1 Wegia | 1 Wegia | 2025-08-22 | N/A | 8.8 HIGH |
| WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.4.10. | |||||
| CVE-2025-57762 | 1 Wegia | 1 Wegia | 2025-08-22 | N/A | 6.1 MEDIUM |
| WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.4.7. | |||||
| CVE-2025-57763 | 1 Wegia | 1 Wegia | 2025-08-22 | N/A | 6.1 MEDIUM |
| WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This vulnerability is fixed in 3.4.7. | |||||
| CVE-2025-9311 | 1 Admerc | 1 Apartment Management System | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2023-25717 | 2 Commscope, Ruckuswireless | 61 Ruckus Smartzone Firmware, E510, H320 and 58 more | 2025-08-22 | N/A | 9.8 CRITICAL |
| Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring. | |||||
| CVE-2023-49225 | 2 Commscope, Ruckuswireless | 74 Ruckus Smartzone, C110, C110 Firmware and 71 more | 2025-08-22 | N/A | 6.1 MEDIUM |
| A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. | |||||
| CVE-2024-45062 | 1 Openprinting | 2 Ippusbxd, Ippusbxd Firmware | 2025-08-22 | N/A | 6.4 MEDIUM |
| A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to a arbitrary code execution in a privileged service. To trigger the vulnerability, a malicious device would need to be connected to the vulnerable system over USB. | |||||
| CVE-2025-55734 | 1 Dogukanurker | 1 Flaskblog | 2025-08-22 | N/A | 6.5 MEDIUM |
| flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page, but that control is not done for the pages routes/adminPanelComments.py and routes/adminPanelPosts.py. Thus, an unauthorized user can bypass the intended restrictions, leaking sensitive data and accessing the following pages: /admin/posts, /adminpanel/posts, /admin/comments, and /adminpanel/comments. | |||||
| CVE-2025-55735 | 1 Dogukanurker | 1 Flaskblog | 2025-08-22 | N/A | 5.4 MEDIUM |
| flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escape the rendered content. This can lead to a stored XSS inside the content of the post. The code that causes the problem is in template/routes.html. | |||||
| CVE-2025-55736 | 1 Dogukanurker | 1 Flaskblog | 2025-08-22 | N/A | 6.5 MEDIUM |
| flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete users, posts, comments etc.). The problem is in the routes/adminPanelUsers file. | |||||
| CVE-2025-55731 | 1 Frappe | 1 Frappe | 2025-08-22 | N/A | 8.8 HIGH |
| Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15. | |||||
| CVE-2025-55732 | 1 Frappe | 1 Frappe | 2025-08-22 | N/A | 7.5 HIGH |
| Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-52895. This vulnerability is fixed in 15.74.2 and 14.96.15. | |||||
| CVE-2025-32451 | 1 Foxit | 1 Pdf Reader | 2025-08-22 | N/A | 8.8 HIGH |
| A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2025-47152 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-08-22 | N/A | 6.5 MEDIUM |
| An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | |||||
| CVE-2025-27931 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-08-22 | N/A | 6.5 MEDIUM |
| An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | |||||
| CVE-2024-51447 | 1 Siemens | 1 Polarion Alm | 2025-08-22 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames. | |||||
| CVE-2025-40566 | 1 Siemens | 1 Simatic Pcs Neo | 2025-08-22 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products do not correctly invalidate user sessions upon user logout. This could allow a remote unauthenticated attacker, who has obtained the session token by other means, to re-use a legitimate user's session even after logout. | |||||