Total
306406 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52203 | 1 Devaslanphp | 1 Project Management | 2025-08-06 | N/A | 7.6 HIGH |
| A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context. | |||||
| CVE-2025-52187 | 1 Getprojects | 1 Create School Management System | 2025-08-06 | N/A | 8.2 HIGH |
| GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php. | |||||
| CVE-2025-8454 | 1 Debian | 1 Devscripts | 2025-08-06 | N/A | 9.8 CRITICAL |
| It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | |||||
| CVE-2025-51954 | 1 Electronhub | 1 Ai Playground | 2025-08-06 | N/A | 6.1 MEDIUM |
| playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2025-4674 | 2025-08-06 | N/A | 8.6 HIGH | ||
| The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected. | |||||
| CVE-2025-43276 | 1 Apple | 1 Macos | 2025-08-06 | N/A | 5.3 MEDIUM |
| A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time. | |||||
| CVE-2012-10034 | 2025-08-06 | N/A | N/A | ||
| ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks. | |||||
| CVE-2012-10033 | 2025-08-06 | N/A | N/A | ||
| Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context. | |||||
| CVE-2012-10029 | 2025-08-06 | N/A | N/A | ||
| Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution. | |||||
| CVE-2024-28883 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2025-08-06 | N/A | 7.4 HIGH |
| An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2015-0849 | 1 Debian | 1 Pycode-browser | 2025-08-06 | N/A | 3.9 LOW |
| pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. | |||||
| CVE-2015-0843 | 1 Debian | 1 Yubiserver | 2025-08-06 | N/A | 9.8 CRITICAL |
| yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | |||||
| CVE-2015-0842 | 1 Debian | 1 Yubiserver | 2025-08-06 | N/A | 9.8 CRITICAL |
| yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | |||||
| CVE-2025-20120 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-08-06 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2024-20374 | 1 Cisco | 1 Secure Firewall Management Center | 2025-08-06 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials. | |||||
| CVE-2021-34750 | 1 Cisco | 1 Secure Firewall Management Center | 2025-08-06 | N/A | 4.3 MEDIUM |
| A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privilege credentials on an affected device. This vulnerability is due to lack of proper encryption of sensitive information stored within the GUI configuration manager. An attacker could exploit this vulnerability by logging into the FMC GUI and navigating to certain sensitive configurations. A successful exploit could allow the attacker to view sensitive configuration parameters in clear text.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.[[Publication_URL{Layout()}]]This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see . | |||||
| CVE-2024-20330 | 1 Cisco | 6 Firepower 2100, Firepower 2110, Firepower 2120 and 3 more | 2025-08-06 | N/A | 8.6 HIGH |
| A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly. This vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network. Note: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded. | |||||
| CVE-2025-8586 | 2025-08-06 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-8585 | 2025-08-06 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2013-10063 | 2025-08-06 | N/A | N/A | ||
| A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data. | |||||