Export limit exceeded: 342506 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342506 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1880 | 1 I-drive | 2 I11, I12 | 2025-07-12 | 2 Low |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been classified as problematic. Affected is an unknown function of the component Device Pairing. The manipulation leads to authentication bypass by primary weakness. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2025-1881 | 1 I-drive | 2 I11, I12 | 2025-07-12 | 4.3 Medium |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2025-1882 | 1 I-drive | 2 I11, I12 | 2025-07-12 | 5 Medium |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been rated as critical. Affected by this issue is some unknown functionality of the component Device Setting Handler. The manipulation leads to improper access control for register interface. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2025-1886 | 1 Sage | 1 Sage 200 Spain | 2025-07-12 | N/A |
| Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials. | ||||
| CVE-2025-1887 | 1 Sage | 1 Sage 200 Spain | 2025-07-12 | N/A |
| SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker. | ||||
| CVE-2025-1896 | 1 Tenda | 1 Tx3 | 2025-07-12 | 6.5 Medium |
| A vulnerability classified as critical was found in Tenda TX3 16.03.13.11_multi. This vulnerability affects unknown code of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1898 | 1 Tenda | 1 Tx3 | 2025-07-12 | 6.5 Medium |
| A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1906 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-07-12 | 4.7 Medium |
| A vulnerability has been found in PHPGurukul Restaurant Table Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-20011 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker case DOS through missing release of memory. | ||||
| CVE-2025-20061 | 1 Myscada | 1 Mypro Manager | 2025-07-12 | 9.8 Critical |
| mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system. | ||||
| CVE-2025-20091 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.8 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. This vulnerability can be exploited only in restricted scenarios. | ||||
| CVE-2025-21089 | 1 Openharmony | 1 Openharmony | 2025-07-12 | 3.3 Low |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. | ||||
| CVE-2025-22146 | 1 Getsentry | 1 Sentry | 2025-07-12 | 9.1 Critical |
| Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-22152 | 1 Atheos | 1 Atheos | 2025-07-12 | 9.1 Critical |
| Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600. | ||||
| CVE-2025-22270 | 1 Cyberark | 1 Endpoint Privilege Manager | 2025-07-12 | N/A |
| An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the Content-Security-Policy policy, which mitigates JS code execution while still allowing HTML injection. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-22271 | 1 Cyberark | 1 Endpoint Privilege Manager | 2025-07-12 | N/A |
| The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-22272 | 1 Cyberark | 1 Endpoint Privilege Manager | 2025-07-12 | N/A |
| In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-22273 | 1 Cyberark | 1 Endpoint Privilege Manager | 2025-07-12 | N/A |
| Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-22274 | 1 Cyberark | 1 Endpoint Privilege Manager | 2025-07-12 | N/A |
| It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer. | ||||
| CVE-2025-22350 | 2 Wordpress, Wpindeed | 2 Wordpress, Ultimate Learning Pro | 2025-07-12 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9. | ||||