Total
95541 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-52311 | 1 Amazon | 1 Data.all | 2025-09-19 | N/A | 6.3 MEDIUM |
Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing a previously authenticated user to continue executing authorized API requests until the token expires. | |||||
CVE-2024-10953 | 1 Amazon | 1 Data.all | 2025-09-19 | N/A | 4.3 MEDIUM |
An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of. | |||||
CVE-2024-33431 | 1 Stsaz | 1 Phiola | 2025-09-19 | N/A | 6.5 MEDIUM |
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. | |||||
CVE-2024-34408 | 1 Tencent | 1 Libpag | 2025-09-19 | N/A | 5.3 MEDIUM |
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. | |||||
CVE-2025-9851 | | | 2025-09-19 | N/A | 6.4 MEDIUM |
The Appointmind plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appointmind_calendar' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-0088 | 2 Linux, Nvidia | 2 Linux Kernel, Triton Inference Server | 2025-09-19 | N/A | 5.5 MEDIUM |
NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering. | |||||
CVE-2024-0100 | 2 Linux, Nvidia | 2 Linux Kernel, Triton Inference Server | 2025-09-19 | N/A | 6.5 MEDIUM |
NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering. | |||||
CVE-2025-2404 | | | 2025-09-19 | N/A | 4.3 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS). This issue affects STOYS: from 2 before 20250916. | |||||
CVE-2025-5022 | | | 2025-09-19 | N/A | 6.5 MEDIUM |
Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product (measurement unit and display unit) to derive the password from the SSID. In addition, if the product is configured to enable the individual air conditioner control function, an attacker who has access to the Wi-Fi communication between the units by exploiting this vulnerability may be able to execute ECHONET Lite commands to perform operations such as turning the air conditioner on or off and changing the set temperature. The individual air conditioner control function is available only in display unit version 02.00.01 or later and measurement unit version 02.03.01 or later. The affected products were discontinued in 2015, and support ended in 2020. | |||||
CVE-2024-47120 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-18 | N/A | 6.4 MEDIUM |
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges. | |||||
CVE-2025-52074 | 1 Phpgurukul | 1 Online Shopping Portal | 2025-09-18 | N/A | 6.1 MEDIUM |
PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart. | |||||
CVE-2025-44593 | 1 Halo | 1 Halo | 2025-09-18 | N/A | 6.1 MEDIUM |
Halo prior to 2.20.13 allows bypassing file type detection and uploading malicious files such as .exe and .html files. Specifically, .html files can trigger stored XSS vulnerabilities. This vulnerability is fixed in 2.20.13. | |||||
CVE-2025-44595 | 1 Halo | 1 Halo | 2025-09-18 | N/A | 6.1 MEDIUM |
Halo v2.20.17 and before is vulnerable to Cross Site Scripting (XSS) in /halo_host/archives/{name}. | |||||
CVE-2025-10407 | 1 Oretnom23 | 1 Student Grading System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
CVE-2025-10408 | 1 Oretnom23 | 1 Student Grading System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. | |||||
CVE-2025-10590 | 1 Portabilis | 1 I-educar | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_usuario_det.php. The manipulation of the argument ref_pessoa results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||
CVE-2025-10593 | 1 Janobe | 1 Online Student File Management System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipulation of the argument stud_id results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
CVE-2025-10594 | 1 Janobe | 1 Online Student File Management System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipulation of the argument stud_id can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
CVE-2025-10605 | 1 Portabilis | 1 I-educar | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /agenda_preferencias.php. The manipulation of the argument tipoacao results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
CVE-2025-10606 | 1 Portabilis | 1 I-educar | 2025-09-18 | 5.0 MEDIUM | 4.3 MEDIUM |
A weakness has been identified in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/Configuracao/ConfiguracaoMovimentoGeral. This manipulation of the argument tipoacao causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. |