Total: 3226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14195 | 1 Carmelogarcia | 1 Employee Profile Management System | 2025-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-14219 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-12-10 | 5.8 MEDIUM | 4.7 MEDIUM |
| A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_running.php. Executing manipulation of the argument product_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2024-29843 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBILE_GET_USERS_LIST, allowing for an unauthenticated attacker to enumerate all users and their access levels | |||||
| CVE-2024-29842 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS, allowing for an unauthenticated attacker to return the abacard field of any user | |||||
| CVE-2024-29840 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS, allowing for an unauthenticated attacker to return the pin value of any user | |||||
| CVE-2024-29841 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS, allowing for an unauthenticated attacker to return the keys value of any user | |||||
| CVE-2024-29837 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 8.8 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an unauthenticated attacker to access administrator functionality if any other user is already signed in. | |||||
| CVE-2024-29836 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 9.8 CRITICAL |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowing for an unauthenticated attacker to update and add user profiles within the application, and gain full access of the site. | |||||
| CVE-2024-29839 | 1 Cs-technologies | 1 Evolution | 2025-12-10 | N/A | 7.5 HIGH |
| The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOP_EDIT_USER_GET_CARD, allowing for an unauthenticated attacker to return the card value data of any user | |||||
| CVE-2025-59810 | 1 Fortinet | 1 Fortisoar | 2025-12-09 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests | |||||
| CVE-2025-65796 | 1 Usememos | 1 Memos | 2025-12-09 | N/A | 4.3 MEDIUM |
| Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos. | |||||
| CVE-2025-65798 | 1 Usememos | 1 Memos | 2025-12-09 | N/A | 5.4 MEDIUM |
| Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users. | |||||
| CVE-2025-65795 | 1 Usememos | 1 Memos | 2025-12-09 | N/A | 7.5 HIGH |
| Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request. | |||||
| CVE-2025-47222 | 1 Keyfactor | 1 Signserver | 2025-12-09 | N/A | 6.5 MEDIUM |
| A class name enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2. | |||||
| CVE-2025-47221 | 1 Keyfactor | 1 Signserver | 2025-12-09 | N/A | 5.3 MEDIUM |
| A file write issue was found in Keyfactor SignServer versions prior to 7.3.2. | |||||
| CVE-2025-47220 | 1 Keyfactor | 1 Signserver | 2025-12-09 | N/A | 5.3 MEDIUM |
| A file enumeration issue was found in Keyfactor SignServer versions prior to 7.3.2. | |||||
| CVE-2025-66557 | 1 Nextcloud | 1 Deck | 2025-12-09 | N/A | 5.4 MEDIUM |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the permissions of other recipients. This vulnerability is fixed in 1.14.6 and 1.15.2. | |||||
| CVE-2025-59702 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-08 | N/A | 7.2 HIGH |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components. | |||||
| CVE-2025-59703 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-08 | N/A | 9.1 CRITICAL |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack. | |||||
| CVE-2025-59697 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-08 | N/A | 7.2 HIGH |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06. | |||||
