Total
83716 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59353 | 1 Linuxfoundation | 1 Dragonfly | 2025-09-18 | N/A | 7.5 HIGH |
| Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the peer connects from the same IP address as the one provided in the certificate request. This vulnerability is fixed in 2.1.0. | |||||
| CVE-2025-10402 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2025-10403 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the argument viewid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-10404 | 1 Itsourcecode | 1 Baptism Information Management System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2025-10413 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-10414 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-10415 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-10416 | 1 Campcodes | 1 Grocery Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-10426 | 1 Campcodes | 1 Online Laundry Management System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10425 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2025-10424 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-10435 | 1 Campcodes | 1 Computer Sales And Inventory System | 2025-09-18 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_edit1.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-57062 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | N/A | 7.5 HIGH |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-57069 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | N/A | 7.5 HIGH |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-57070 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | N/A | 7.5 HIGH |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-57087 | 1 Tenda | 2 W30e, W30e Firmware | 2025-09-18 | N/A | 7.5 HIGH |
| Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-57071 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | N/A | 7.5 HIGH |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2025-57072 | 1 Tenda | 2 G3, G3 Firmware | 2025-09-18 | N/A | 7.5 HIGH |
| Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | |||||
| CVE-2023-49565 | 2025-09-18 | N/A | 8.4 HIGH | ||
| The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen Python function without adequate validation, enabling a remote attacker to execute arbitrary commands on the underlying system by crafting malicious header values within an HTTP request to the affected endpoint. The web service executes with root privileges within the container environment, the demonstrated remote code execution permits an attacker to acquire elevated privileges for the command execution. Restricting access to the management network with an external firewall can partially mitigate this risk. | |||||
| CVE-2023-49564 | 2025-09-18 | N/A | 8.8 HIGH | ||
| The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine. The risk can be partially mitigated by restricting access to the management network using external firewall. | |||||