Search Results (338427 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-62448 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62447 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62446 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62445 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62444 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62443 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62442 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62441 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-62440 | | | 2025-10-15 | N/A | Not used |
| CVE-2025-9698 | | | 2025-10-14 | 6.8 Medium | The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored Cross-Site Scripting attacks. |
| CVE-2025-40615 | 1 Bookgy | 1 Bookgy | 2025-10-14 | 6.1 Medium | Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php. |
| CVE-2025-40616 | 1 Bookgy | 1 Bookgy | 2025-10-14 | 6.1 Medium | Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php. |
| CVE-2025-40617 | 1 Bookgy | 1 Bookgy | 2025-10-14 | 9.8 Critical | SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php. |
| CVE-2025-40618 | 1 Bookgy | 1 Bookgy | 2025-10-14 | 9.8 Critical | SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php. |
| CVE-2025-40619 | 1 Bookgy | 1 Bookgy | 2025-10-14 | 7.5 High | Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles. |
| CVE-2025-45611 | 1 Java-aodeng | 1 Hope-boot | 2025-10-14 | 9.8 Critical | Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. |
| CVE-2025-45613 | 1 Zhaojun1998 | 1 Shiro-action | 2025-10-14 | 7.5 High | Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. |
| CVE-2025-45614 | 1 Lcw2004 | 1 One | 2025-10-14 | 7.5 High | Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. |
| CVE-2025-45471 | 1 Lumigo | 1 Measure-cold-start | 2025-10-14 | 8.8 High | Insecure permissions in measure-cold-start v1.4.1 allow attackers to escalate privileges and compromise the customer cloud account. |
| CVE-2022-49074 | 1 Linux | 1 Linux Kernel | 2025-10-14 | 5.5 Medium | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling It turns out that our polling of RWP is totally wrong when checking for it in the redistributors, as we test the *distributor* bit index, whereas it is a different bit number in the RDs... Oopsie boo. This is embarrassing. Not only because it is wrong, but also because it took *8 years* to notice the blunder... Just fix the damn thing. |