Total
3897 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42048 | 2025-08-07 | 6.5 Medium | ||
| OpenOrange Business Framework 1.15.5 provides unprivileged users with write access to the installation directory. | ||||
| CVE-2024-55402 | 2025-08-07 | 5.3 Medium | ||
| 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. | ||||
| CVE-2021-34753 | 1 Cisco | 1 Firepower Threat Defense Software | 2025-08-07 | 5.8 Medium |
| A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet. | ||||
| CVE-2025-44657 | 1 Linksys | 2 Ea6350, Ea6350 Firmware | 2025-08-07 | 3.9 Low |
| In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | ||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | ||||
| CVE-2025-27062 | 1 Qualcomm | 1 Snapdragon | 2025-08-06 | 7.8 High |
| Memory corruption while handling client exceptions, allowing unauthorized channel access. | ||||
| CVE-2025-46391 | 2025-08-06 | 6.5 Medium | ||
| CWE-284: Improper Access Control | ||||
| CVE-2024-42655 | 1 Emqx | 1 Nanomq | 2025-08-06 | 8.8 High |
| An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. | ||||
| CVE-2025-8379 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 4.7 Medium |
| A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-52289 | 1 Magnussolution | 1 Magnusbilling | 2025-08-06 | 8 High |
| A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval. | ||||
| CVE-2025-50850 | 1 Cs-cart | 1 Cs-cart | 2025-08-06 | 8.6 High |
| An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks. | ||||
| CVE-2025-50777 | 1 Aziot | 2 2mp Full Hd Smart Wi-fi Cctv Home Security Camera, 2mp Full Hd Smart Wi-fi Cctv Home Security Camera Firmware | 2025-08-06 | 7.8 High |
| The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems. | ||||
| CVE-2025-51060 | 2 Cpuid, Microsoft | 2 Cpu-z, Windows | 2025-08-06 | 6.5 Medium |
| An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. Through this process, the attacker can modify MSR_LSTAR and hook KiSystemCall64. Afterward, using Return-Oriented Programming (ROP), the attacker can manipulate the stack with pre-prepared gadgets, disable the SMAP flag in the CR4 register, and execute a user-mode syscall handler in the kernel context. It has not been confirmed whether this works on 32-bit Windows, but it functions on 64-bit Windows if the core isolation feature is either absent or disabled. | ||||
| CVE-2025-43980 | 2025-08-05 | 6.5 Medium | ||
| An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account. | ||||
| CVE-2025-51627 | 2025-08-05 | 6.5 Medium | ||
| Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator. | ||||
| CVE-2025-8171 | 2 Code-projects, Fabian | 2 Document Management System, Document Management System | 2025-08-05 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8174 | 2 Code-projects, Fabian | 2 Voting System, Voting System | 2025-08-05 | 6.3 Medium |
| A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7898 | 1 Ambitiousitbd | 1 Identsoft | 2025-08-05 | 4.7 Medium |
| A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-46118 | 3 Commscope, Ruckus, Ruckuswireless | 44 Ruckus C110, Ruckus E510, Ruckus H320 and 41 more | 2025-08-05 | 5.3 Medium |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139 and in Ruckus ZoneDirector prior to 10.5.1.0.279, where hard-coded credentials for the ftpuser account provide FTP access to the controller, enabling a remote attacker to upload or retrieve arbitrary files from writable firmware directories and thereby expose sensitive information or compromise the controller. | ||||
| CVE-2024-11045 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-08-05 | N/A |
| A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS). | ||||