Total
288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43749 | 2025-08-20 | N/A | N/A | ||
| Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library | |||||
| CVE-2025-0620 | 1 Samba | 1 Samba | 2025-08-13 | N/A | 4.9 MEDIUM |
| A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. | |||||
| CVE-2024-47106 | 1 Ibm | 1 Jazz For Service Management | 2025-08-08 | N/A | 7.5 HIGH |
| IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system. | |||||
| CVE-2025-1042 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 7.5 HIGH |
| An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way. | |||||
| CVE-2025-30103 | 1 Dell | 1 Smartfabric Os10 | 2025-08-06 | N/A | N/A |
| Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | |||||
| CVE-2025-23276 | 2025-08-02 | N/A | N/A | ||
| NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering. | |||||
| CVE-2023-20183 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20184 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | N/A | 4.3 MEDIUM |
| Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2025-53536 | 2025-07-07 | N/A | N/A | ||
| Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with the php.validate.executablePath setting which lets you set the path for the php executable for syntax validation. The attacker could have written the path to an arbitrary command there and then created a php file to trigger it. This vulnerability is fixed in 3.22.6. | |||||
| CVE-2025-48928 | 1 Smarsh | 1 Telemessage | 2025-07-02 | N/A | N/A |
| The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025. | |||||
| CVE-2024-56731 | 2025-06-24 | N/A | N/A | ||
| Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users' code hosted on the same instance. This issue has been patched in version 0.13.3. | |||||
| CVE-2023-52112 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-20 | N/A | 5.3 MEDIUM |
| Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-8031 | 1 Wpbookingcalendar | 1 Secure Downloads | 2025-06-12 | N/A | N/A |
| The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php. | |||||
| CVE-2024-24161 | 1 Mrcms | 1 Mrcms | 2025-06-12 | N/A | 7.5 HIGH |
| MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. | |||||
| CVE-2025-4807 | 1 Senior-walter | 1 Online Student Clearance System | 2025-05-28 | N/A | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4909 | 1 Lerouxyxchire | 1 Client Database Management System | 2025-05-28 | N/A | N/A |
| A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-38952 | 1 Zkteco | 1 Biotime | 2025-05-27 | N/A | 7.5 HIGH |
| Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints. | |||||
| CVE-2023-5907 | 1 Bitapps | 1 File Manager | 2025-05-27 | N/A | 6.5 MEDIUM |
| The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the sites files. | |||||
| CVE-2022-41343 | 1 Dompdf Project | 1 Dompdf | 2025-05-22 | N/A | 7.5 HIGH |
| registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | |||||
| CVE-2022-40126 | 1 Clash Project | 1 Clash | 2025-05-21 | N/A | 7.8 HIGH |
| A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. | |||||