Total
309249 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12399 | 2025-09-09 | 7.1 High | ||
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. | ||||
| CVE-2025-36125 | 1 Ibm | 1 Power Hardware Management Console | 2025-09-09 | 6.4 Medium |
| IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-8277 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-09-09 | 3.1 Low |
| A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | ||||
| CVE-2025-10122 | 2025-09-09 | 4.7 Medium | ||
| A vulnerability was found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-50586 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 6.5 Medium |
| StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF). | ||||
| CVE-2025-50585 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 8.8 High |
| StudentManage v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/adminStudentUrl. | ||||
| CVE-2025-50584 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Teacher module. | ||||
| CVE-2025-10116 | 2025-09-09 | 7.3 High | ||
| A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-50582 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module. | ||||
| CVE-2025-50583 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module. | ||||
| CVE-2025-10115 | 2025-09-09 | 7.3 High | ||
| A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-57278 | 2025-09-09 | N/A | ||
| The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants access to any other client using that same IP, without requiring credentials or verifying client identity. There are no session tokens, cookies, or unique identifiers in place. This flaw allows an attacker to obtain full administrative access simply by configuring their device to use the same IP address as a previously authenticated user. This results in a complete authentication bypass. | ||||
| CVE-2025-1053 | 1 Broadcom | 1 Brocade Sannav | 2025-09-09 | 4.9 Medium |
| Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | ||||
| CVE-2024-7517 | 1 Brocade | 1 Fabric Os | 2025-09-09 | N/A |
| A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | ||||
| CVE-2024-5461 | 2025-09-09 | N/A | ||
| Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root. | ||||
| CVE-2025-56689 | 1 Quest | 1 One Identity | 2025-09-09 | 4.6 Medium |
| One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying the same response. | ||||
| CVE-2025-9577 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-09-09 | 2.5 Low |
| A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-49604 | 2025-09-09 | N/A | ||
| For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow. | ||||
| CVE-2025-9576 | 1 Seeedstudio | 2 Linkit Smart 7688, Linkit Smart 7688 Firmware | 2025-09-09 | 2.5 Low |
| A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55409 | 1 Foxcms | 1 Foxcms | 2025-09-09 | 8.8 High |
| FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code. | ||||