Search

Search Results (315521 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-62597 1 Wegia 1 Wegia 2025-10-24 6.1 Medium
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
CVE-2025-60559 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.
CVE-2025-60561 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.
CVE-2025-60562 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.
CVE-2025-60563 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.
CVE-2025-60564 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.
CVE-2025-60565 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.
CVE-2025-55340 1 Microsoft 14 Remote Desktop Protocol, Windows, Windows 10 and 11 more 2025-10-24 7 High
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.
CVE-2025-60566 2025-10-24 N/A
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
CVE-2025-60801 2025-10-24 N/A
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.
CVE-2025-55676 1 Microsoft 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 2025-10-24 5.5 Medium
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.
CVE-2025-55677 1 Microsoft 3 Windows 11 24h2, Windows 11 25h2, Windows Server 2025 2025-10-24 7.8 High
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-55678 1 Microsoft 21 Directx, Windows, Windows 10 and 18 more 2025-10-24 7 High
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-61413 1 Dotnetfoundation 1 Piranha Cms 2025-10-24 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks.
CVE-2025-9339 1 Simple Sa 1 Simple.erp 2025-10-24 N/A
SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows to delete tables with a name of maximum 6 characters. We weren't able to identify a way to exfiltrate data within query character limit. This issue affects SIMPLE.ERP in versions before 6.30@a04.3.
CVE-2025-8536 2025-10-24 N/A
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software.
CVE-2025-62398 1 Moodle 1 Moodle 2025-10-24 5.4 Medium
A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising user accounts.
CVE-2025-61430 2025-10-24 N/A
Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs from actual packet len), and due to a concurrency/buffering issue, even when the lengths match. A length prefix that is smaller than the actual packet size increases information leakage. In summary, this vulnerability allows an attacker to see DNS queries of other clients.
CVE-2025-60938 2025-10-24 N/A
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baud_rate, core, and autoreset within the /admin/upload-custom-firmware endpoint.
CVE-2025-60936 2025-10-24 N/A
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.