Total
88191 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3986 | 2025-04-27 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-46687 | 2025-04-27 | N/A | 5.6 MEDIUM | ||
| quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | |||||
| CVE-2025-3984 | 2025-04-27 | 4.6 MEDIUM | 5.0 MEDIUM | ||
| A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groovy Code Handler. The manipulation leads to code injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3983 | 2025-04-27 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3235 | 2025-04-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/profile.php. The manipulation of the argument adminname/contactnumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3982 | 2025-04-27 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3969 | 2025-04-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-52888 | 2025-04-27 | N/A | 5.4 MEDIUM | ||
| For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. | |||||
| CVE-2025-24054 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-04-27 | N/A | 6.5 MEDIUM |
| External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-3957 | 2025-04-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in opplus springboot-admin 1.0 and classified as critical. This issue affects some unknown processing of the file \src\main\resources\mapper\sys\SysLogDao.xml. The manipulation of the argument order leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3956 | 2025-04-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-46578 | 2025-04-27 | N/A | 6.5 MEDIUM | ||
| There are SQL injection vulnerabilities in multiple interfaces of the GoldenDB database product. Attackers can exploit these interfaces to inject commands and extract sensitive database information. | |||||
| CVE-2025-46577 | 2025-04-27 | N/A | 6.5 MEDIUM | ||
| There is a SQL injection vulnerability in the GoldenDB database product. Attackers can inject commands to extract database information. | |||||
| CVE-2025-46576 | 2025-04-27 | N/A | 5.4 MEDIUM | ||
| There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. | |||||
| CVE-2025-46575 | 2025-04-27 | N/A | 4.9 MEDIUM | ||
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2025-46574 | 2025-04-27 | N/A | 4.1 MEDIUM | ||
| There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information. | |||||
| CVE-2025-46673 | 2025-04-27 | N/A | 4.9 MEDIUM | ||
| NASA CryptoLib before 1.3.2 does not check whether the SA is in an operational state before use, possibly leading to a bypass of the Space Data Link Security protocol (SDLS). | |||||
| CVE-2025-3955 | 2025-04-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in codeprojects Patient Record Management System 1.0. This affects an unknown part of the file /edit_rpatient.php.php. The manipulation of the argument id/lastname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46655 | 2025-04-26 | N/A | 4.9 MEDIUM | ||
| CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers. | |||||
| CVE-2025-46654 | 2025-04-26 | N/A | 4.9 MEDIUM | ||
| CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file. | |||||