Search Results (310801 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-7937 | 1 Supermicro | 1 Mbd-x12stw | 2025-09-20 | 6.6 Medium |
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image. | ||||
CVE-2025-10035 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-09-20 | 10 Critical |
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. | ||||
CVE-2025-59220 | 1 Microsoft | 7 Windows, Windows 10, Windows 11 and 4 more | 2025-09-20 | 7 High |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-59216 | 1 Microsoft | 4 Windows, Windows 11, Windows Server and 1 more | 2025-09-20 | 7 High |
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-59215 | 1 Microsoft | 5 Graphics Component, Windows, Windows 11 and 2 more | 2025-09-20 | 7 High |
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-59720 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59721 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59722 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59723 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59724 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59725 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59726 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-59727 | | | 2025-09-20 | N/A |
Not used | ||||
CVE-2025-10652 | | | 2025-09-20 | 6.5 Medium |
The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
CVE-2025-57396 | | | 2025-09-19 | 6.5 Medium |
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level. | ||||
CVE-2025-56762 | | | 2025-09-19 | 6.1 Medium |
Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php. | ||||
CVE-2025-54761 | | | 2025-09-19 | 8 High |
An issue was discovered in PPress 0.0.9 allowing attackers to gain escalated privileges via a crafted session cookie. | ||||
CVE-2025-52159 | | | 2025-09-19 | 8.8 High |
Hardcoded credentials in default configuration of PPress 0.0.9. | ||||
CVE-2025-43808 | | | 2025-09-19 | N/A |
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which allows remote attackers to access and download virtual products for free via a crafted URL. | ||||
CVE-2025-56706 | 1 Edimax | 2 Br-6473ax, Br-6473ax Firmware | 2025-09-19 | 8 High |
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function. |