363836 matches found
CVE-2025-60251
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 accept any handshake secret with the unitree substring...
CVE-2025-57407
A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...
CVE-2025-59349
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path...
CVE-2025-40695
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...
CVE-2025-44004
Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...
CVE-2025-4796
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...
CVE-2025-54799
Let's Encrypt client and ACME library written in Go Lego. In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package thus the lego library and the lego cli as well don't enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME...
CVE-2025-54590
webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in...
CVE-2025-8454
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts a collection of scripts to make the life of a Debian Package maintainer easier, skips OpenPGP verification if the upstream source is already downloaded from a previous run even...
CVE-2025-51383
D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsecroadasp function via the hostip parameter...
CVE-2025-53889
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...
CVE-2025-6824
A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible ...
CVE-2025-6139
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...
CVE-2025-5622
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli5g of the file /goform/wirelessApcli5g. The manipulation of the argument apclimode5g/apclienc5g/apclidefaultkey5g leads to stack-based buffer overflow. The attack...
CVE-2025-48941
MyBB is free and open source forum software. Prior to version 1.8.39, the search component does not validate permissions correctly, which allows attackers to determine the existence of hidden draft, unapproved, or soft-deleted threads containing specified text in the title. The visibility state...
CVE-2025-5247
A vulnerability, which was classified as critical, has been found in Gowabby HFish 0.1. This issue affects the function LoadUrl of the file \view\url.go. The manipulation of the argument r leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to th...
CVE-2025-41651
Due to missing authentication on a critical function of the devices an unauthenticated remote attacker can execute arbitrary commands, potentially enabling unauthorized upload or download of configuration files and leading to full system compromise...
CVE-2025-48283
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Majestic Support Majestic Support majestic-support allows SQL Injection.This issue affects Majestic Support: from n/a through = 1.1.0...
CVE-2025-48371
OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...
CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
CVE-2025-46827
Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with...
CVE-2025-4252
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component APPEND Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...
CVE-2025-47241
In browser-use aka Browser Use before 0.1.45, URL parsing of alloweddomains is mishandled because userinfo can be placed in the authority component...
CVE-2025-1326
The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homeyreservationdel function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete...
CVE-2025-3599
Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user...
CVE-2025-2893
The Gutenverse – Ultimate Block Addons and Page Builder for Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's countdown Block in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2025-3914
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropagemediadownloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access a...
CVE-2025-3821
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. Th...
CVE-2025-30740
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...
CVE-2025-30727
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...
CVE-2025-30698
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle...
CVE-2025-32077
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Extension:SimpleCalendar allows Cross-Site Scripting XSS.This issue affects Mediawiki - Extension:SimpleCalendar: from 1.39 through 1.43...
CVE-2025-21591
A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service DoS...
CVE-2025-2664
A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-1108
Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST request by injecting malicious content into...
CVE-2025-0321
The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2024-25034
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attac...
CVE-2024-53689
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-13297
Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X- before 7.X-1.15...
CVE-2024-56063
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through = 6.0.7...
CVE-2024-12745
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the getschemas, gettables, or getcolumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3...
CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
CVE-2024-44853
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl...
CVE-2024-9058
The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output...
CVE-2024-53900
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...
CVE-2024-20129
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025...
CVE-2024-53864
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, an...
CVE-2024-30896
InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and...
CVE-2024-50552
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jasonpancake Hover Video Preview hover-video-preview allows Stored XSS.This issue affects Hover Video Preview: from n/a through = 1.0.2...
CVE-2024-11036
The The GamiPress – The 1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipressgetuserearnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...