Total: 308571 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-27690 | 1 Dell | 1 Powerscale Onefs | 2025-07-11 | N/A | 9.8 CRITICAL |
Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account. | |||||
CVE-2025-27207 | 1 Adobe | 1 Commerce B2b | 2025-07-11 | N/A | 6.5 MEDIUM |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |||||
CVE-2025-29662 | 1 Landchat | 1 Landchat | 2025-07-11 | N/A | 9.8 CRITICAL |
An RCE vulnerability in the core application in LandChat 3.25.12.18 allows an unauthenticated attacker to execute system code via remote network access. | |||||
CVE-2025-6904 | 1 Anisha | 1 Car Rental System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument car_name leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-6903 | 1 Anisha | 1 Car Rental System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-53924 | 1 Dgorissen | 1 Pycel | 2025-07-11 | N/A | 9.8 CRITICAL |
Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. | |||||
CVE-2025-7211 | 1 Anisha | 1 Lifestyle Store | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cart_add.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-26269 | 1 Dragonflydb | 1 Dragonfly | 2025-07-11 | N/A | 3.3 LOW |
DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. | |||||
CVE-2023-49031 | 1 Oneadvanced | 1 Tikit Emarketing | 2025-07-11 | N/A | 5.1 MEDIUM |
Directory Traversal (Local File Inclusion) vulnerability in Tikit (now Advanced) eMarketing platform 6.8.3.0 allows a remote attacker to read arbitrary files and obtain sensitive information via a crafted payload to the filename parameter to the OpenLogFile endpoint. | |||||
CVE-2025-25179 | 1 Imaginationtech | 1 Ddk | 2025-07-11 | N/A | 7.8 HIGH |
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | |||||
CVE-2025-7220 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-0467 | 1 Imaginationtech | 1 Ddk | 2025-07-11 | N/A | 8.2 HIGH |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
CVE-2025-7219 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-7218 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-38291 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 8.8 HIGH |
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. | |||||
CVE-2025-7217 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_position. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-38290 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 5.3 MEDIUM |
In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. | |||||
CVE-2024-38292 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 9.8 CRITICAL |
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. | |||||
CVE-2025-6826 | 1 Campcodes | 1 Payroll Management System | 2025-07-11 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, has been found in code-projects Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /Payroll_Management_System/ajax.php?action=save_department. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-52290 | 1 Lfedge | 1 Ekuiper | 2025-07-11 | N/A | 6.3 MEDIUM |
LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0, a user with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this service (e.g. admin) tries to delete this key, the payload executes in the victim's browser. Version 2.1.0 fixes the issue. | |||||