| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. |
| eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through 1.3.15. |
| Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability. |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through 1.2.14. |
| SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Responsive Posts Carousel Pro allows Stored XSS.This issue affects Responsive Posts Carousel Pro: from n/a through 15.2. |
| Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6. |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function. |
| Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through 1.0.9. |
| Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges. |
| Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter. |
| Vulnerability in Tyche softwares Product Delivery Date for WooCommerce – Lite.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.0. |
| FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vikas Ratudi VPSUForm allows Retrieve Embedded Sensitive Data.This issue affects VPSUForm: from n/a through 3.2.24. |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. |
| An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. |
| A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The user_name endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser. |
