Total
308618 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24916 | 2 Checkpoint, Microsoft | 2 Smartconsole, Windows | 2025-09-04 | 6.5 Medium |
| Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | ||||
| CVE-2025-9941 | 1 Codeastro | 1 Real Estate Management System | 2025-09-04 | 6.3 Medium |
| A flaw has been found in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /register.php. Executing manipulation of the argument uimage can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2024-39755 | 1 Veertu | 2 Anka Build, Anka Build Cloud | 2025-09-04 | 7.8 High |
| A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-41433 | 1 Pingcap | 1 Tidb | 2025-09-04 | 9.8 Critical |
| PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component expression.ExplainExpressionList. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. NOTE: PingCAP maintains that the actual reproduction of this issue did not cause the security impact of service interruption to other users. They argue that this is a complex query bug and not a DoS vulnerability. | ||||
| CVE-2024-41434 | 1 Pingcap | 1 Tidb | 2025-09-04 | 4.3 Medium |
| PingCAP TiDB v8.1.0 was discovered to contain a buffer overflow via the component (*Column).GetDecimal. This allows attackers to cause a Denial of Service (DoS) via a crafted input to the 'RemoveUnnecessaryFirstRow', it will check the expression between 'Agg' and 'GroupBy', but does not check the return type. NOTE: PingCAP disputes this, arguing that reproduction did not cause the security impact of service interruption to other users. They maintain it is a complex query bug in the product but not a DoS. | ||||
| CVE-2025-9752 | 2 D-link, Dlink | 3 Dir-852, Dir-852, Dir-852 Firmware | 2025-09-04 | 7.3 High |
| A security vulnerability has been detected in D-Link DIR-852 1.00CN B09. Impacted is the function soapcgi_main of the file soap.cgi of the component SOAP Service. Such manipulation of the argument service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-9749 | 1 Hkritesh009 | 2 Grocery List Management Web, Grocery List Management Web App | 2025-09-04 | 7.3 High |
| A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-9754 | 1 Campcodes | 1 Online Hospital Management System | 2025-09-04 | 3.5 Low |
| A flaw has been found in Campcodes Online Hospital Management System 1.0. The impacted element is an unknown function of the file /edit-profile.php of the component Edit Profile Page. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-9753 | 1 Campcodes | 1 Online Hospital Management System | 2025-09-04 | 2.4 Low |
| A vulnerability was detected in Campcodes Online Hospital Management System 1.0. The affected element is an unknown function of the file /admin/patient-search.php of the component Patient Search Module. Performing manipulation of the argument Search by Name Mobile No results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2024-39700 | 1 Jupyter | 1 Jupyterlab | 2025-09-04 | 10 Critical |
| JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml`, accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration. | ||||
| CVE-2025-9746 | 1 Campcodes | 2 Hospital Management System, Online Hospital Management System | 2025-09-04 | 2.4 Low |
| A vulnerability was detected in Campcodes Hospital Management System 1.0. This affects an unknown function of the file /admin/edit-doctor-specialization.php of the component Edit Doctor Specialization Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-41032 | 1 Apprain | 1 Apprain | 2025-09-04 | 9.8 Critical |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/. | ||||
| CVE-2025-41033 | 1 Apprain | 1 Apprain | 2025-09-04 | 9.8 Critical |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create. | ||||
| CVE-2025-41034 | 1 Apprain | 1 Apprain | 2025-09-04 | 9.8 Critical |
| An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/. | ||||
| CVE-2025-41035 | 1 Apprain | 1 Apprain | 2025-09-04 | 6.5 Medium |
| A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/. | ||||
| CVE-2025-41036 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Admin][description]', 'data[Admin][f_name]' and 'data[Admin][l_name]' parameters in /apprain/admin/account/edit. | ||||
| CVE-2025-41037 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[FileManager][search]' parameter in /apprain/admin/filemanager. | ||||
| CVE-2025-41043 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[AppReportCode][id]' and 'data[AppReportCode][name]' parameters in /apprain/appreport/manage/. | ||||
| CVE-2025-41044 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[Page][name]' parameter in /apprain/page/manage-static-pages/create. | ||||
| CVE-2025-41045 | 1 Apprain | 1 Apprain | 2025-09-04 | 5.4 Medium |
| A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'data[sconfig][ethical_licensekey]' parameter in /apprain/admin/config/ethical. | ||||