Total
99518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40603 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-11-06 | N/A | 4.5 MEDIUM |
| A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data. | |||||
| CVE-2024-13998 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.5 MEDIUM |
| Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or password hashes could lead to account compromise, abuse of API privileges, or offline cracking attempts. CVE-2024-13995 addresses a similar vulnerability with a potentially incomplete fix for the underlying problem in earlier versions. | |||||
| CVE-2025-12610 | 1 Codeastro | 1 Gym Management System | 2025-11-06 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2024-14002 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.5 MEDIUM |
| Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host. | |||||
| CVE-2013-10074 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Menu of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2023-7316 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2025-38240 | 1 Linux | 1 Linux Kernel | 2025-11-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically it can be called via this callpath: - mtk_edp_wait_hpd_asserted - [panel probe] - dp_aux_ep_probe Using "drm" level prints anywhere in this callpath causes a NULL pointer dereference. Change the error message directly in mtk_dp_wait_hpd_asserted() to dev_err() to avoid this. Also change the error messages in mtk_dp_parse_capabilities(), which is called by mtk_dp_wait_hpd_asserted(). While touching these prints, also add the error code to them to make future debugging easier. | |||||
| CVE-2023-7318 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to < 2024R1.0.2 are vulnerable to cross-site scripting (XSS) via the Nagios Core Command Expansion page. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2023-7323 | 1 Nagios | 1 Log Server | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2024-13993 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.1 MEDIUM |
| Nagios XI versions prior to < 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI origin. The issue is observable under legacy browser behaviors; modern browsers may mitigate some vectors. | |||||
| CVE-2024-14000 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Capacity Planning Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2025-7938 | 1 Jerryshensjf | 1 Jpacookieshop | 2025-11-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0 and classified as critical. This issue affects the function updateGoods of the file GoodsController.java. The manipulation leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-14001 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to 2024R1.1.3 are vulnerable to cross-site scripting (XSS) via the Executive Summary Report component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2025-7939 | 1 Jerryshensjf | 1 Jpacookieshop | 2025-11-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. | |||||
| CVE-2025-58739 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-11-06 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-30664 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-11-06 | N/A | 6.6 MEDIUM |
| Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2013-10072 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.5 MEDIUM |
| Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discovery operations. | |||||
| CVE-2013-10071 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 6.1 MEDIUM |
| Nagios XI versions prior to 2012R1.6 contain a reflected cross-site scripting (XSS) vulnerability in the dashboard dashlet AJAX load functionality. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2011-10040 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-handling functions used by status and report pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||
| CVE-2011-10039 | 1 Nagios | 1 Nagios Xi | 2025-11-06 | N/A | 5.4 MEDIUM |
| Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the Alert Heatmap report and the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | |||||