Total: 83759 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2023-49367 | | | 2025-09-19 | N/A | 8.8 HIGH | An issue in the user interface of Kyocera Command Center RX EXOSYS M5521cdn allows a remote attacker to obtain sensitive information by inspecting packets sent by the user.
CVE-2025-10456 | | | 2025-09-19 | N/A | 7.1 HIGH | A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed channel, which is not allowed per the Bluetooth specification. This leads to undefined behavior, including potential assertion failures, crashes, or memory corruption, depending on the BLE stack implementation.
CVE-2025-10458 | | | 2025-09-19 | N/A | 7.6 HIGH | Parameters are not validated or sanitized, and are later used in various internal operations.
CVE-2025-57528 | | | 2025-09-19 | N/A | 7.7 HIGH | An issue was discovered in Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function (URI path: SetCfm).
CVE-2025-53969 | | | 2025-09-19 | N/A | 8.8 HIGH | Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network settings or modifying users' access to the device.
CVE-2025-54497 | | | 2025-09-19 | N/A | 8.1 HIGH | Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSerialPort functionality to modify relevant device properties (such as serial interface settings), contradicting the security model proposed in the user manual.
CVE-2025-53947 | | | 2025-09-19 | N/A | 7.7 HIGH | A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content.
CVE-2025-7403 | | | 2025-09-19 | N/A | 7.6 HIGH | Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.
CVE-2025-59424 | | | 2025-09-19 | N/A | 7.3 HIGH | LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker can set a malicious JavaScript payload as their username. When an action performed by this user is recorded (e.g., generate or revoke an API token), the payload is stored in the database. The script is then executed in the browser of any user, particularly administrators, who views the /system/audit page. This vulnerability is fixed in 2.3.1.
CVE-2025-9969 | | | 2025-09-19 | N/A | 7.1 HIGH | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC-593 Session Hijacking, CAPEC-591 Reflected XSS. This issue affects Real Estate Packages: before 5.1.
CVE-2025-10712 | | | 2025-09-19 | 7.5 HIGH | 7.3 HIGH | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Manipulation of the argument Username results in SQL injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-7665 | | | 2025-09-19 | N/A | 8.1 HIGH | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to Administrator. Premium features must be enabled in order to exploit the vulnerability.
CVE-2025-59216 | | | 2025-09-19 | N/A | 7.0 HIGH | Concurrent execution using a shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-54810 | | | 2025-09-19 | N/A | 8.0 HIGH | Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality handles sensitive data such as registered usernames and passwords over an unencrypted channel, allowing an adjacent attacker to intercept valid credentials to gain access to the device.
CVE-2025-5955 | | | 2025-09-19 | N/A | 8.1 HIGH | The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it possible for unauthenticated attackers to log in as arbitrary users.
CVE-2025-55912 | | | 2025-09-19 | N/A | 7.3 HIGH | An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler.
CVE-2025-50255 | | | 2025-09-19 | N/A | 7.8 HIGH | Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via a crafted GET request.
CVE-2025-59215 | | | 2025-09-19 | N/A | 7.0 HIGH | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-54754 | | | 2025-09-19 | N/A | 8.0 HIGH | An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cognex device.
CVE-2024-30250 | 1 Kindspells | 1 Astro-shield | 2025-09-19 | N/A | 7.5 HIGH | Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass of the allow-lists for cross-origin resources by introducing valid `integrity` attributes to the injected code. This implies that the injected SRI hash would be added to the generated CSP header, which would lead the browser to believe that the injected resource is legitimate. This vulnerability is patched in version 1.3.2.