Search

Search Results (364535 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-45346 1 Bacula 1 Bacula-web 2025-08-06 8.1 High
SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.
CVE-2024-43018 1 Piwigo 1 Piwigo 2025-08-06 6.4 Medium
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php and this same function is called by ws.php file at some point can be used for searching users in advanced way in /admin.php?page=user_list.
CVE-2025-51951 1 Andisearch 1 Andisearch 2025-08-06 6.1 Medium
andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2025-50777 1 Aziot 2 2mp Full Hd Smart Wi-fi Cctv Home Security Camera, 2mp Full Hd Smart Wi-fi Cctv Home Security Camera Firmware 2025-08-06 7.8 High
The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.
CVE-2025-50464 1 Iptime 2 Nas, Nas Firmware 2025-08-06 6.5 Medium
A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.
CVE-2025-45620 1 Averusa 2 Ptc310uv2, Ptc310uv2 Firmware 2025-08-06 8.1 High
An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request
CVE-2025-45619 1 Averusa 2 Ptc310uv2, Ptc310uv2 Firmware 2025-08-06 6.5 Medium
An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function
CVE-2025-25692 1 Prestashop 1 Prestashop 2025-08-06 6.5 Medium
A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
CVE-2025-51503 1 Microweber 2 Cms, Microweber 2025-08-06 7.6 High
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
CVE-2024-34327 1 Sielox 1 Anyware 2025-08-06 6.5 Medium
Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.
CVE-2025-24497 1 F5 2 Big-ip, Big-ip Policy Enforcement Manager 2025-08-06 7.5 High
When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-52203 1 Devaslanphp 1 Project Management 2025-08-06 7.6 High
A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context.
CVE-2025-8454 1 Debian 1 Devscripts 2025-08-06 9.8 Critical
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then.
CVE-2025-51954 1 Electronhub 1 Ai Playground 2025-08-06 6.1 Medium
playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2024-28883 1 F5 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Big-ip Apm 2025-08-06 7.4 High
An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2015-0849 1 Debian 1 Pycode-browser 2025-08-06 3.9 Low
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
CVE-2015-0843 1 Debian 1 Yubiserver 2025-08-06 9.8 Critical
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
CVE-2015-0842 1 Debian 1 Yubiserver 2025-08-06 9.8 Critical
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
CVE-2025-20120 1 Cisco 2 Evolved Programmable Network Manager, Prime Infrastructure 2025-08-06 6.1 Medium
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2024-20374 1 Cisco 2 Firepower Management Center, Secure Firewall Management Center 2025-08-06 6.5 Medium
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials.