Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8796 | 2025-08-13 | N/A | N/A | ||
| A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8809 | 1 Anisha | 1 Online Medicine Guide | 2025-08-13 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6715 | 2025-08-13 | N/A | N/A | ||
| The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | |||||
| CVE-2025-8792 | 2025-08-13 | N/A | N/A | ||
| A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8788 | 2025-08-13 | N/A | N/A | ||
| A vulnerability was found in Portabilis i-Diario up to 1.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /planos-de-aula-por-areas-de-conhecimento/ of the component Informações adicionais. The manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8797 | 2025-08-13 | N/A | N/A | ||
| A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-30084 | 1 Rsjoomla | 1 Rsmail\! | 2025-08-13 | N/A | N/A |
| A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard. | |||||
| CVE-2025-0620 | 1 Samba | 1 Samba | 2025-08-13 | N/A | 4.9 MEDIUM |
| A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. | |||||
| CVE-2024-31047 | 1 Openexr | 1 Openexr | 2025-08-13 | N/A | N/A |
| An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. | |||||
| CVE-2025-44139 | 1 Emlog | 1 Emlog | 2025-08-13 | N/A | N/A |
| Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip | |||||
| CVE-2023-41519 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | N/A |
| Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php. | |||||
| CVE-2023-41523 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | N/A |
| Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php. | |||||
| CVE-2023-41522 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | N/A |
| Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters. | |||||
| CVE-2023-41521 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | N/A |
| Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters. | |||||
| CVE-2023-41524 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | N/A |
| Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php. | |||||
| CVE-2023-41520 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | N/A |
| Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters. | |||||
| CVE-2025-8859 | 1 Fabianros | 1 Eblog Site | 2025-08-13 | N/A | 8.8 HIGH |
| A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8811 | 1 Code-projects | 1 Simple Art Gallery | 2025-08-13 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7113 | 1 Portabilis | 1 I-educar | 2025-08-13 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7112 | 1 Portabilis | 1 I-educar | 2025-08-13 | N/A | 5.4 MEDIUM |
| A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||