Total
95263 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-54474 | | | 2025-08-15 | N/A | N/A |
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. | | | | | |
CVE-2025-9036 | | | 2025-08-15 | N/A | N/A |
A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcast over a WebSocket and can be intercepted by any local client listening on the connection. | | | | | |
CVE-2025-7973 | | | 2025-08-15 | N/A | N/A |
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation. | | | | | |
CVE-2025-54475 | | | 2025-08-15 | N/A | N/A |
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | | | | | |
CVE-2025-55726 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55725 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55724 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55723 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55722 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55721 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55720 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55719 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-55718 | | | 2025-08-15 | N/A | N/A |
Rejected reason: Not used | | | | | |
CVE-2025-48387 | | | 2025-08-14 | N/A | N/A |
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories. | | | | | |
CVE-2025-7761 | | | 2025-08-14 | N/A | N/A |
Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation of one of the parameters in the index.php form allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable. | | | | | |
CVE-2025-34154 | | | 2025-08-14 | N/A | N/A |
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system — including sensitive OS-level files — without authentication. | | | | | |
CVE-2012-10060 | | | 2025-08-14 | N/A | N/A |
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in the SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service. | | | | | |
CVE-2012-10059 | | | 2025-08-14 | N/A | N/A |
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in the database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | | | | | |
CVE-2012-10058 | | | 2025-08-14 | N/A | N/A |
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process. | | | | | |
CVE-2012-10057 | | | 2025-08-14 | N/A | N/A |
Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges. | | | | | |