Total
309182 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54241 | 2025-09-09 | 5.5 Medium | ||
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54240 | 2025-09-09 | 5.5 Medium | ||
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54239 | 2025-09-09 | 5.5 Medium | ||
| After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-8449 | 1 Schneider-electric | 3 Ecostruxure Building Operation Enterprise Server, Ecostruxure Enterprise Server, Ecostruxure Workstation | 2025-09-09 | N/A |
| CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service when an authenticated user sends a specially crafted request to a specific endpoint from within the BMS network. | ||||
| CVE-2024-12399 | 2025-09-09 | 7.1 High | ||
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. | ||||
| CVE-2025-34175 | 2025-09-09 | N/A | ||
| In pfSense CEĀ /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated. | ||||
| CVE-2025-36125 | 1 Ibm | 1 Power Hardware Management Console | 2025-09-09 | 6.4 Medium |
| IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-8277 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-09-09 | 3.1 Low |
| A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | ||||
| CVE-2025-10122 | 2025-09-09 | 4.7 Medium | ||
| A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-50586 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 6.5 Medium |
| StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF). | ||||
| CVE-2025-50585 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 8.8 High |
| StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl. | ||||
| CVE-2025-50584 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module. | ||||
| CVE-2025-10116 | 2025-09-09 | 7.3 High | ||
| A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-50582 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module. | ||||
| CVE-2025-50583 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module. | ||||
| CVE-2025-10115 | 2025-09-09 | 7.3 High | ||
| A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-57278 | 2025-09-09 | N/A | ||
| The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or verifying client identity. There are no session tokens, cookies, or unique identifiers in place. This flaw allows an attacker to obtain full administrative access simply by configuring their device to use the same IP address as a previously authenticated user. This results in a complete authentication bypass. | ||||
| CVE-2025-55728 | 2025-09-09 | 10 Critical | ||
| XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for any user who can edit any page The classes parameter is used without escaping in XWiki syntax, thus allowing XWiki syntax injection which enables remote code execution. Version 1.26.5 contains a patch for the issue. | ||||
| CVE-2025-43775 | 2025-09-09 | N/A | ||
| Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via remote app title field. | ||||
| CVE-2025-1053 | 1 Broadcom | 1 Brocade Sannav | 2025-09-09 | 4.9 Medium |
| Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | ||||