Total
306759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50848 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | N/A | 6.1 MEDIUM |
| A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users. | |||||
| CVE-2014-0468 | 1 Fusionforge | 1 Fusionforge | 2025-08-06 | N/A | 9.8 CRITICAL |
| Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506. | |||||
| CVE-2025-50850 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | N/A | 8.6 HIGH |
| An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks. | |||||
| CVE-2025-50867 | 1 Vishalmathur | 1 Cloudclassroom | 2025-08-06 | N/A | 6.5 MEDIUM |
| A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization. | |||||
| CVE-2013-1424 | 1 Debian | 1 Matplotlib | 2025-08-06 | N/A | 5.6 MEDIUM |
| Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | |||||
| CVE-2025-25691 | 1 Prestashop | 1 Prestashop | 2025-08-06 | N/A | 6.5 MEDIUM |
| A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2024-45955 | 1 Rocketsoftware | 1 Zena | 2025-08-06 | N/A | 7.3 HIGH |
| Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. | |||||
| CVE-2025-41431 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-08-06 | N/A | 7.5 HIGH |
| When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-52490 | 1 Couchbase | 1 Sync Gateway | 2025-08-06 | N/A | 7.3 HIGH |
| An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. | |||||
| CVE-2025-22891 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2025-08-06 | N/A | 7.5 HIGH |
| When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-45346 | 1 Bacula | 1 Bacula-web | 2025-08-06 | N/A | 8.1 HIGH |
| SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request. | |||||
| CVE-2024-43018 | 1 Piwigo | 1 Piwigo | 2025-08-06 | N/A | 6.4 MEDIUM |
| Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in advanced way in /admin.php?page=user_list. | |||||
| CVE-2025-23239 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-08-06 | N/A | 8.7 HIGH |
| When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-51951 | 1 Andisearch | 1 Andisearch | 2025-08-06 | N/A | 6.1 MEDIUM |
| andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2025-50777 | 1 Aziot | 2 2mp Full Hd Smart Wi-fi Cctv Home Security Camera, 2mp Full Hd Smart Wi-fi Cctv Home Security Camera Firmware | 2025-08-06 | N/A | 7.8 HIGH |
| The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems. | |||||
| CVE-2025-50464 | 1 Iptime | 2 Nas, Nas Firmware | 2025-08-06 | N/A | 6.5 MEDIUM |
| A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication. | |||||
| CVE-2025-45620 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2025-08-06 | N/A | 8.1 HIGH |
| An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request | |||||
| CVE-2025-45619 | 1 Averusa | 2 Ptc310uv2, Ptc310uv2 Firmware | 2025-08-06 | N/A | 6.5 MEDIUM |
| An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function | |||||
| CVE-2025-25692 | 1 Prestashop | 1 Prestashop | 2025-08-06 | N/A | 6.5 MEDIUM |
| A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2025-51503 | 1 Microweber | 1 Microweber | 2025-08-06 | N/A | 7.6 HIGH |
| A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers. | |||||