Total
306815 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8378 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8379 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42651 | 1 Emqx | 1 Nanomq | 2025-08-06 | N/A | 7.5 HIGH |
| NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message. | |||||
| CVE-2025-8380 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8381 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Campcodes Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /add_reserve.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8382 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of the argument room_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2014-7210 | 1 Debian | 2 Debian Linux, Pdns | 2025-08-06 | N/A | 9.8 CRITICAL |
| pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. | |||||
| CVE-2025-52289 | 1 Magnussolution | 1 Magnusbilling | 2025-08-06 | N/A | 8.0 HIGH |
| A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval. | |||||
| CVE-2014-6274 | 1 Git-annex Project | 1 Git-annex | 2025-08-06 | N/A | 7.5 HIGH |
| git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919. | |||||
| CVE-2025-50847 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | N/A | 6.5 MEDIUM |
| Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request. | |||||
| CVE-2025-50848 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | N/A | 6.1 MEDIUM |
| A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users. | |||||
| CVE-2014-0468 | 1 Fusionforge | 1 Fusionforge | 2025-08-06 | N/A | 9.8 CRITICAL |
| Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506. | |||||
| CVE-2025-50850 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | N/A | 8.6 HIGH |
| An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks. | |||||
| CVE-2025-50867 | 1 Vishalmathur | 1 Cloudclassroom | 2025-08-06 | N/A | 6.5 MEDIUM |
| A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization. | |||||
| CVE-2013-1424 | 1 Debian | 1 Matplotlib | 2025-08-06 | N/A | 5.6 MEDIUM |
| Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. | |||||
| CVE-2025-25691 | 1 Prestashop | 1 Prestashop | 2025-08-06 | N/A | 6.5 MEDIUM |
| A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2024-45955 | 1 Rocketsoftware | 1 Zena | 2025-08-06 | N/A | 7.3 HIGH |
| Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. | |||||
| CVE-2025-41431 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2025-08-06 | N/A | 7.5 HIGH |
| When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic group. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-52490 | 1 Couchbase | 1 Sync Gateway | 2025-08-06 | N/A | 7.3 HIGH |
| An issue was discovered in Couchbase Sync Gateway before 3.2.6. In sgcollect_info_options.log and sync_gateway.log, there are cleartext passwords in redacted and unredacted output. | |||||
| CVE-2025-22891 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2025-08-06 | N/A | 7.5 HIGH |
| When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||