Total
305210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0526 | 2 Microsoft, Octopus | 2 Windows, Octopus Server | 2025-07-02 | N/A | 5.4 MEDIUM |
| In affected versions of Octopus Deploy it was possible to upload files to unexpected locations on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows. | |||||
| CVE-2025-6555 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
| Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-6556 | 1 Google | 1 Chrome | 2025-07-02 | N/A | 5.4 MEDIUM |
| Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-24042 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | N/A | 7.3 HIGH |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability | |||||
| CVE-2025-6580 | 1 Mayurik | 1 Best Salon Management System | 2025-07-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-24039 | 1 Microsoft | 1 Visual Studio Code | 2025-07-02 | N/A | 7.3 HIGH |
| Visual Studio Code Elevation of Privilege Vulnerability | |||||
| CVE-2025-6581 | 1 Mayurik | 1 Best Salon Management System | 2025-07-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation of the argument name/email/mobilenum/gender/details/dob/marriage_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6582 | 1 Mayurik | 1 Best Salon Management System | 2025-07-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /edit-customer-detailed.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6583 | 1 Mayurik | 1 Best Salon Management System | 2025-07-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /view-appointment.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6613 | 1 Anujk305 | 1 Hospital Management System | 2025-07-02 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Command-line Interface | 2025-07-02 | N/A | 8.6 HIGH |
| Azure CLI REST Command Information Disclosure Vulnerability | |||||
| CVE-2025-24046 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-02 | N/A | 7.8 HIGH |
| Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-6604 | 1 Mayurik | 1 Best Salon Management System | 2025-07-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30719 | 1 Oracle | 1 Vm Virtualbox | 2025-07-02 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H). | |||||
| CVE-2025-6605 | 1 Mayurik | 1 Best Salon Management System | 2025-07-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. This vulnerability affects unknown code of the file /panel/edit-staff.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-21532 | 1 Oracle | 1 Analytics Desktop | 2025-07-02 | N/A | 7.8 HIGH |
| Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2025-49851 | 1 Assaabloy | 1 Control Id Idsecure | 2025-07-02 | N/A | 9.8 CRITICAL |
| ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an Improper Authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product. | |||||
| CVE-2025-49852 | 1 Assaabloy | 1 Control Id Idsecure | 2025-07-02 | N/A | 7.5 HIGH |
| ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers. | |||||
| CVE-2025-49853 | 1 Assaabloy | 1 Control Id Idsecure | 2025-07-02 | N/A | 9.1 CRITICAL |
| ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries. | |||||
| CVE-2025-30717 | 1 Oracle | 1 Teleservice | 2025-07-02 | N/A | 6.5 MEDIUM |
| Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite (component: Service Diagnostics Scripts). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Teleservice. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Teleservice accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||