Total
306760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9010 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9026 | 1 Dlink | 2 Dir-860l, Dir-860l Firmware | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-9046 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-18 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9047 | 1 Projectworlds | 1 Visitor Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9050 | 1 Projectworlds | 1 Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9051 | 1 Projectworlds | 1 Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8985 | 1 Unyasoft | 1 Covid19 Testing Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-8984 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of the argument expense_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8983 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expense_for leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8982 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument curr_code leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8981 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument payment_type leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8980 | 1 Tenda | 2 G1, G1 Firmware | 2025-08-18 | 6.8 MEDIUM | 6.6 MEDIUM |
| A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-42005 | 1 Ibm | 3 Cloud Pak For Data, Db2, Db2 Warehouse | 2025-08-18 | N/A | 7.4 HIGH |
| IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. | |||||
| CVE-2025-8979 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2025-08-18 | 6.8 MEDIUM | 6.6 MEDIUM |
| A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8976 | 1 Vvveb | 1 Vvveb | 2025-08-18 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-8975 | 1 Vvveb | 1 Vvveb | 2025-08-18 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named 84c11d69df8452dc378feecd17e2a62ac10dac66. It is recommended to upgrade the affected component. | |||||
| CVE-2025-45316 | 1 Hortusfox | 1 Hortusfox | 2025-08-18 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter. | |||||
| CVE-2025-8972 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-52335 | 1 Eyoucms | 1 Eyoucms | 2025-08-18 | N/A | 6.1 MEDIUM |
| EyouCMS 1.7.3 is vulnerale to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. | |||||
| CVE-2025-21110 | 1 Dell | 1 Data Lakehouse | 2025-08-18 | N/A | 6.7 MEDIUM |
| Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | |||||