Total
5302 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23348 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
| NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-23349 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
| NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-23353 | 1 Nvidia | 1 Megatron-lm | 2025-10-10 | N/A | 7.8 HIGH |
| NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering. | |||||
| CVE-2025-5879 | 1 72crm | 1 Wukong Crm | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4495 | 1 Jadmin-java | 1 Jadmin | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13143 | 1 Zerowdd | 1 Studentmanager | 2025-10-10 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-3554 | 1 Phpshe | 1 Phpshe | 2025-10-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3560 | 1 Ghostxbh | 1 Uzy-ssm-mall | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3591 | 1 Zhenfeng13 | 1 My-blog-layui | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3592 | 1 Zhenfeng13 | 1 My-blog-layui | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11512 | 1 Fabian | 1 Voting System | 2025-10-10 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/voters_add.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-0972 | 1 Zenvia | 1 Movidesk | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-0971 | 1 Zenvia | 1 Movidesk | 2025-10-10 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-9931 | 1 Jinher | 1 Jinher Oa | 2025-10-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-51387 | 1 Axosoft | 1 Gitkraken Desktop | 2025-10-09 | N/A | 9.8 CRITICAL |
| The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution. | |||||
| CVE-2025-61593 | 1 Anysphere | 1 Cursor | 2025-10-09 | N/A | 7.1 HIGH |
| Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e. */.cursor/cli.json) allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive filesystems. This issue is fixed in a commit, 25b418f, but has yet to be released as of October 3, 2025. | |||||
| CVE-2025-11390 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-10-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in PHPGurukul Cyber Cafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php of the component POST Parameter Handler. Executing manipulation of the argument searchdata can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-11425 | 1 Projectworlds | 1 Advanced Library Management System | 2025-10-09 | 3.3 LOW | 2.4 LOW |
| A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Other parameters might be affected as well. | |||||
| CVE-2025-11421 | 1 Fabian | 1 Voting System | 2025-10-09 | 4.0 MEDIUM | 3.5 LOW |
| A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2025-11433 | 1 Itsourcecode | 1 Leave Management System | 2025-10-09 | 4.0 MEDIUM | 3.5 LOW |
| A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | |||||