Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5765 | 1 A17lab | 1 Wpstickybar | 2025-08-20 | N/A | N/A |
| The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2024-9282 | 1 1234n | 1 Minicms | 2025-08-20 | N/A | 4.3 MEDIUM |
| A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9281 | 1 1234n | 1 Minicms | 2025-08-20 | N/A | 4.3 MEDIUM |
| A vulnerability was found in bg5sbk MiniCMS up to 1.11 and classified as problematic. This issue affects some unknown processing of the file post-edit.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions confusing version and file name information. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-7777 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns. | |||||
| CVE-2025-43741 | 2025-08-20 | N/A | N/A | ||
| A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote authenticated attacker to inject JavaScrip in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter | |||||
| CVE-2025-8102 | 2025-08-20 | N/A | 5.4 MEDIUM | ||
| The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the edd_sendwp_disconnect() and edd_sendwp_remote_install() functions. This makes it possible for unauthenticated attackers to deactivate or download and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-43742 | 2025-08-20 | N/A | N/A | ||
| A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript in web content for friendly urls. | |||||
| CVE-2025-9173 | 2025-08-20 | N/A | 6.3 MEDIUM | ||
| A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-57732 | 2025-08-20 | N/A | N/A | ||
| In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership | |||||
| CVE-2025-57730 | 2025-08-20 | N/A | N/A | ||
| In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature | |||||
| CVE-2025-57731 | 2025-08-20 | N/A | N/A | ||
| In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content | |||||
| CVE-2020-27223 | 5 Apache, Debian, Eclipse and 2 more | 16 Nifi, Solr, Spark and 13 more | 2025-08-20 | 4.3 MEDIUM | 5.3 MEDIUM |
| In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | |||||
| CVE-2025-57727 | 2025-08-20 | N/A | N/A | ||
| In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference | |||||
| CVE-2025-57734 | 2025-08-20 | N/A | N/A | ||
| In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files | |||||
| CVE-2025-57733 | 2025-08-20 | N/A | N/A | ||
| In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content | |||||
| CVE-2025-5914 | 2 Libarchive, Redhat | 3 Libarchive, Enterprise Linux, Openshift Container Platform | 2025-08-20 | N/A | N/A |
| A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | |||||
| CVE-2025-57728 | 2025-08-20 | N/A | N/A | ||
| In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files | |||||
| CVE-2025-57729 | 2025-08-20 | N/A | N/A | ||
| In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start | |||||
| CVE-2024-39954 | 2025-08-20 | N/A | N/A | ||
| CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue. | |||||
| CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-08-20 | N/A | 9.8 CRITICAL |
| A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component. | |||||