Total: 83679 CVE records
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2025-57263 | 1 Phpversion | 1 Vx Guestbook | 2025-09-18 | N/A | 7.2 HIGH | An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel. |
CVE-2025-10565 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. It affects an unknown function of the file /ajax.php?action=delete_receiving. Manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. |
CVE-2025-56295 | 1 Carmelo | 1 Computer Laboratory System | 2025-09-18 | N/A | 7.3 HIGH | code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff users can upload PHP backdoor files when modifying their personal avatar and then use web shell connection tools to obtain control of the server. |
CVE-2025-10562 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH | A flaw was found in Campcodes Grocery Sales and Inventory System 1.0. It affects an unknown function of the file /ajax.php?action=save_product. Manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. |
CVE-2025-56274 | 1 Seniorwalter | 1 Web-based Pharmacy Product Management System | 2025-09-18 | N/A | 8.1 HIGH | SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high-privileged (such as admin) sessions and perform sensitive operations such as adding new users. |
CVE-2024-28425 | 1 Linkedin | 1 Greykite | 2025-09-18 | N/A | 7.5 HIGH | greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file. |
CVE-2024-29154 | 1 Danielmiessler | 1 Fabric | 2025-09-18 | N/A | 7.4 HIGH | danielmiessler fabric through 1.3.0 allows XSS in installer/client/gui/static/js/index.js because of innerHTML mishandling, such as in htmlToPlainText. |
CVE-2024-23755 | 3 Apple, Clickup, Microsoft | 3 Macos, Clickup, Windows | 2025-09-18 | N/A | 8.8 HIGH | ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode. |
CVE-2024-28387 | 1 Axonaut | 1 Axonaut | 2025-09-18 | N/A | 7.5 HIGH | An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component. |
CVE-2024-28434 | 1 Twenty | 1 Twenty | 2025-09-18 | N/A | 7.6 HIGH | The CRM platform Twenty is vulnerable to stored cross-site scripting via file upload in version 0.3.0. A crafted SVG file can trigger execution of the JavaScript code it contains. |
CVE-2022-46070 | 1 Geovision | 1 Gv-asmanager | 2025-09-18 | N/A | 7.5 HIGH | GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. |
CVE-2024-25501 | 1 Winmail | 1 Winmail | 2025-09-18 | N/A | 8.8 HIGH | An issue in WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. |
CVE-2023-47415 | 1 Cypress | 2 Ctm-200, Ctm-200 Firmware | 2025-09-18 | N/A | 7.5 HIGH | Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter. |
CVE-2024-2216 | 1 Jenkins | 1 Docker-build-step | 2025-09-18 | N/A | 8.8 HIGH | A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. |
CVE-2024-25398 | 1 Srelay Project | 1 Srelay | 2025-09-18 | N/A | 7.5 HIGH | In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service. |
CVE-2024-27356 | 1 Gl-inet | 52 A1300, A1300 Firmware, Ar300m and 49 more | 2025-09-18 | N/A | 7.5 HIGH | An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203. |
CVE-2024-27454 | 1 Ijl | 1 Orjson | 2025-09-18 | N/A | 7.5 HIGH | orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. |
CVE-2024-24386 | 1 Vitalpbx | 1 Vitalpbx | 2025-09-18 | N/A | 7.2 HIGH | An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. |
CVE-2024-27036 | 1 Linux | 1 Linux Kernel | 2025-09-18 | N/A | 7.8 HIGH | In the Linux kernel, the following vulnerability has been resolved: "cifs: Fix writeback data corruption". cifs writeback doesn't correctly handle the case where cifs_extend_writeback() hits a point where it is considering an additional folio, but this would overrun the wsize, at which point it drops out of the xarray scanning loop and calls xas_pause(). The problem is that xas_pause() advances the loop counter, thereby skipping that page. What needs to happen is for xas_reset() to be called any time we decide we don't want to process the page we're looking at, but rather send the request we are building and start a new one. Fix this by copying and adapting the netfslib writepages code as a temporary measure, with cifs writeback intending to be offloaded to netfslib in the near future. This also fixes the issue with the use of filemap_get_folios_tag() causing retry of a bunch of pages which the extender already dealt with. This can be tested by creating, say, a 64K file somewhere not on cifs (otherwise copy-offload may get underfoot), mounting a cifs share with a wsize of 64000, copying the file to it and then comparing the original file and the copy: `dd if=/dev/urandom of=/tmp/64K bs=64k count=1`, `mount //192.168.6.1/test /mnt -o user=...,pass=...,wsize=64000`, `cp /tmp/64K /mnt/64K`, `cmp /tmp/64K /mnt/64K`. Without the fix, the cmp fails at position 64000 (or shortly thereafter). |
CVE-2025-58446 | 1 Mlc-ai | 1 Xgrammar | 2025-09-18 | N/A | 7.5 HIGH | xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DoS of model providers. This issue is fixed in version 0.1.24. |