Export limit exceeded: 344754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344754 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10121 | 1 Dagg | 1 Uverif | 2025-09-09 | 6.3 Medium |
| A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2025-41701 | 1 Beckhoff | 1 Twincat | 2025-09-09 | 7.8 High |
| An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are executed in the user context. | ||||
| CVE-2025-40804 | 1 Siemens | 1 Simatic | 2025-09-09 | 9.1 Critical |
| A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. | ||||
| CVE-2025-40757 | 1 Siemens | 2 Apogee Pxc, Talon Tc | 2025-09-09 | 5.3 Medium |
| A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords. | ||||
| CVE-2025-10134 | 2 Bearsthemes, Wordpress | 2 Goza Nonprofit Charity Wordpress Theme, Wordpress | 2025-09-09 | 9.1 Critical |
| The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | ||||
| CVE-2025-10107 | 1 Trendnet | 1 Tew-831dr | 2025-09-09 | 4.7 Medium |
| A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7350 | 1 Rockwellautomation | 1 Stratix | 2025-09-09 | N/A |
| A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication. | ||||
| CVE-2025-47416 | 1 Crestron | 2 Touchscreen X60, Touchscreen X70 | 2025-09-09 | N/A |
| A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061 Fixed Firmware: no fixed released (product is discontinued and end of life) For x70 The Affected Firmware:- 3.000.0110.001 and versions below The Fixed Firmware:- 3.001.0031.001 | ||||
| CVE-2025-10183 | 1 Teccom | 1 Tecconnect | 2025-09-09 | 9.1 Critical |
| A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5. | ||||
| CVE-2025-9160 | 1 Rockwellautomation | 2 Compactlogix, Compactlogix 5480 | 2025-09-09 | N/A |
| A code execution security issue exists in the affected product. An attacker with physical access could abuse the maintenance menu of the controller with a crafted payload. The security issue can result in arbitrary code execution. | ||||
| CVE-2025-8448 | 1 Schneider-electric | 2 Ecostruxure Building Operation Enterprise Server, Ecostruxure Workstation | 2025-09-09 | N/A |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause unauthorized access to sensitive credential data when an attacker is able to capture local SMB traffic between a valid user within the BMS network and the vulnerable products. | ||||
| CVE-2025-8449 | 1 Schneider-electric | 3 Ecostruxure Building Operation Enterprise Server, Ecostruxure Enterprise Server, Ecostruxure Workstation | 2025-09-09 | N/A |
| CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network. | ||||
| CVE-2024-12399 | 2025-09-09 | 7.1 High | ||
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. | ||||
| CVE-2025-50586 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 6.5 Medium |
| StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF). | ||||
| CVE-2025-50585 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 8.8 High |
| StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl. | ||||
| CVE-2025-50584 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module. | ||||
| CVE-2025-10116 | 2025-09-09 | 7.3 High | ||
| A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-50582 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module. | ||||
| CVE-2025-50583 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module. | ||||
| CVE-2025-10115 | 2025-09-09 | 7.3 High | ||
| A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||