Total
306740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55011 | 1 Kanboard | 1 Kanboard | 2025-08-22 | N/A | 6.4 MEDIUM |
| Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47. | |||||
| CVE-2025-54254 | 1 Adobe | 1 Experience Manager Forms | 2025-08-22 | N/A | 8.6 HIGH |
| Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system, scope is changed. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-49557 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-22 | N/A | 8.7 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. | |||||
| CVE-2025-46789 | 1 Zoom | 1 Zoom | 2025-08-22 | N/A | 6.5 MEDIUM |
| Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access. | |||||
| CVE-2025-52473 | 1 Openquantumsafe | 1 Liboqs | 2025-08-22 | N/A | 5.9 MEDIUM |
| liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0. | |||||
| CVE-2024-13200 | 1 Wander-chu | 1 Springboot-blog | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-53642 | 1 Psu | 2 Haxcms-nodejs, Haxcms-php | 2025-08-22 | N/A | 4.8 MEDIUM |
| haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6. | |||||
| CVE-2024-13201 | 1 Wander-chu | 1 Springboot-blog | 2025-08-22 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13202 | 1 Wander-chu | 1 Springboot-blog | 2025-08-22 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0333 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0334 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0344 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0345 | 1 Leiyuxi | 1 Cy-fast | 2025-08-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-45061 | 1 Observium | 1 Observium | 2025-08-22 | N/A | 8.7 HIGH |
| A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | |||||
| CVE-2024-47002 | 1 Observium | 1 Observium | 2025-08-22 | N/A | 8.7 HIGH |
| A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker. | |||||
| CVE-2025-22129 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 4.3 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. In affected versions an unauthorized user might get access to restricted information. This issue has been addressed in Tuleap Community Edition 16.3.99.1736242932, Tuleap Enterprise Edition 16.2-5, and Tuleap Enterprise Edition 16.3-2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-47140 | 1 Observium | 1 Observium | 2025-08-22 | N/A | 8.7 HIGH |
| A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | |||||
| CVE-2024-52599 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 5.4 MEDIUM |
| Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix. | |||||
| CVE-2025-36512 | 1 Bloomberg | 1 Comdb2 | 2025-08-22 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability. | |||||
| CVE-2025-36520 | 1 Bloomberg | 1 Comdb2 | 2025-08-22 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability. | |||||