Search
Search Results (310862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9487 | 2025-09-22 | N/A | ||
| The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads | ||||
| CVE-2025-9115 | 2025-09-22 | N/A | ||
| The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2025-10784 | 2025-09-22 | 7.3 High | ||
| A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_subject.php. The manipulation of the argument subject_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10783 | 2025-09-22 | 7.3 High | ||
| A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_subject.php. Executing manipulation of the argument subject_code can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2024-2769 | 1 Campcodes | 1 Complete Online Beauty Parlor Management System | 2025-09-21 | 6.3 Medium |
| A vulnerability was detected in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname/email results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-10688 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-21 | 7.3 High |
| A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/operation/paid.php. This manipulation of the argument inv_no/insta_amt causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-10246 | 2025-09-20 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-26503 | 1 Windriver | 1 Vxworks | 2025-09-20 | 6.7 Medium |
| A crafted system call argument can cause memory corruption. | ||||
| CVE-2025-6198 | 1 Supermicro | 1 Mbd-x13sem-f | 2025-09-20 | 6.4 Medium |
| There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image. | ||||
| CVE-2025-7937 | 1 Supermicro | 1 Mbd-x12stw | 2025-09-20 | 6.6 Medium |
| There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image. | ||||
| CVE-2025-10035 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-09-20 | 10 Critical |
| A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. | ||||
| CVE-2025-59220 | 1 Microsoft | 7 Windows, Windows 10, Windows 11 and 4 more | 2025-09-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59216 | 1 Microsoft | 4 Windows, Windows 11, Windows Server and 1 more | 2025-09-20 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59215 | 1 Microsoft | 5 Graphics Component, Windows, Windows 11 and 2 more | 2025-09-20 | 7 High |
| Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59720 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59721 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59722 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59723 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59724 | 2025-09-20 | N/A | ||
| Not used | ||||
| CVE-2025-59725 | 2025-09-20 | N/A | ||
| Not used | ||||