Total
5219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12311 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-10-30 | 3.3 LOW | 2.4 LOW |
| A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2025-12312 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-10-30 | 3.3 LOW | 2.4 LOW |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2022-22954 | 2 Linux, Vmware | 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more | 2025-10-30 | 10.0 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | |||||
| CVE-2025-12333 | 1 Fabian | 1 E-commerce Website | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-22965 | 5 Cisco, Oracle, Siemens and 2 more | 39 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 36 more | 2025-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | |||||
| CVE-2025-8848 | 1 Librechat | 1 Librechat | 2025-10-30 | N/A | 5.4 MEDIUM |
| A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks. | |||||
| CVE-2025-12303 | 2025-10-30 | 3.3 LOW | 2.4 LOW | ||
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12302 | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-12289 | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12290 | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12282 | 2025-10-30 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12299 | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-12281 | 2025-10-30 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-12298 | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-12280 | 2025-10-30 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-12300 | 2025-10-30 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-56399 | 2025-10-30 | N/A | 8.8 HIGH | ||
| alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code. | |||||
| CVE-2025-12330 | 2025-10-30 | 3.3 LOW | 2.4 LOW | ||
| A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-6204 | 1 3ds | 1 Delmia Apriso | 2025-10-29 | N/A | 8.0 HIGH |
| An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. | |||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.6 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||