Total
10465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10061 | 1 Mongodb | 1 Mongodb | 2025-09-18 | N/A | 6.5 MEDIUM |
| An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions prior to 8.1.2 | |||||
| CVE-2025-54123 | 1 Hoverfly | 1 Hoverfly | 2025-09-17 | N/A | 9.8 CRITICAL |
| Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at `/api/v2/hoverfly/middleware` endpoint due to insufficient validation and sanitization in user input. The vulnerability exists in the middleware management API endpoint `/api/v2/hoverfly/middleware`. This issue is born due to combination of three code level flaws: Insufficient Input Validation in middleware.go line 94-96; Unsafe Command Execution in local_middleware.go line 14-19; and Immediate Execution During Testing in hoverfly_service.go line 173. This allows an attacker to gain remote code execution (RCE) on any system running the vulnerable Hoverfly service. Since the input is directly passed to system commands without proper checks, an attacker can upload a malicious payload or directly execute arbitrary commands (including reverse shells) on the host server with the privileges of the Hoverfly process. Commit 17e60a9bc78826deb4b782dca1c1abd3dbe60d40 in version 1.12.0 disables the set middleware API by default, and subsequent changes to documentation make users aware of the security changes of exposing the set middleware API. | |||||
| CVE-2025-56404 | 1 Mariadb | 1 Model Context Protocol | 2025-09-17 | N/A | 7.5 HIGH |
| An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation. | |||||
| CVE-2025-8007 | 1 Rockwellautomation | 10 1756-en2tr Series A, 1756-en2tr Series A Firmware, 1756-en2tr Series B and 7 more | 2025-09-17 | N/A | 6.5 MEDIUM |
| A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable (MNFR) fault. This condition may lead to unexpected system crashes and loss of device availability. | |||||
| CVE-2025-59161 | 2025-09-17 | N/A | N/A | ||
| Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect of this is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room. | |||||
| CVE-2025-1087 | 2025-09-17 | N/A | N/A | ||
| Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application. | |||||
| CVE-2025-43342 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-09-17 | N/A | 9.8 CRITICAL |
| A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43347 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-09-17 | N/A | 9.8 CRITICAL |
| This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An input validation issue was addressed. | |||||
| CVE-2025-43299 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-09-17 | N/A | 5.5 MEDIUM |
| A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service. | |||||
| CVE-2025-43293 | 1 Apple | 1 Macos | 2025-09-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data. | |||||
| CVE-2025-30480 | 1 Dell | 1 Powerprotect Data Manager | 2025-09-16 | N/A | 6.5 MEDIUM |
| Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | |||||
| CVE-2024-30078 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-15 | N/A | 8.8 HIGH |
| Windows Wi-Fi Driver Remote Code Execution Vulnerability | |||||
| CVE-2025-7099 | 1 Boyuncms Project | 1 Boyuncms | 2025-09-15 | 5.1 MEDIUM | 5.6 MEDIUM |
| A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component Installation Handler. The manipulation of the argument db_host leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-10433 | 2025-09-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.1 is capable of addressing this issue. It is suggested to upgrade the affected component. | |||||
| CVE-2025-6709 | 1 Mongodb | 1 Mongodb | 2025-09-15 | N/A | 7.5 HIGH |
| The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. | |||||
| CVE-2025-50674 | 1 Openmediavault | 1 Openmediavault | 2025-09-12 | N/A | 7.8 HIGH |
| An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root. | |||||
| CVE-2025-54250 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 4.9 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. | |||||
| CVE-2025-54248 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 7.7 HIGH |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed | |||||
| CVE-2025-54247 | 1 Adobe | 1 Experience Manager | 2025-09-12 | N/A | 6.5 MEDIUM |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. | |||||
| CVE-2025-9287 | 1 Browserify | 1 Cipher-base | 2025-09-12 | N/A | 9.1 CRITICAL |
| Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4. | |||||