Vulnerabilities (CVE)

Total 304758 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-8551 2025-08-05 N/A 3.5 LOW
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
CVE-2025-2810 2025-08-05 N/A 5.5 MEDIUM
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.
CVE-2025-41698 2025-08-05 N/A 7.8 HIGH
A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.
CVE-2025-8552 2025-08-05 N/A 2.4 LOW
A vulnerability classified as problematic has been found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /admin/tag/list. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
CVE-2025-8315 2025-08-05 N/A 6.4 MEDIUM
The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-8550 2025-08-05 N/A 2.4 LOW
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.
CVE-2025-54982 2025-08-05 N/A N/A
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
CVE-2025-54868 2025-08-05 N/A N/A
LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly from the Meilisearch engine. The endpoint /api/search/test allows for direct access to stored chats in the Meilisearch engine without proper access control. This results in the ability to read chats from arbitrary users. This issue is fixed in version 0.7.7.
CVE-2025-8546 2025-08-05 N/A 5.3 MEDIUM
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue.
CVE-2025-54976 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54977 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54978 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54974 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54979 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54975 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54980 2025-08-05 N/A N/A
Rejected reason: Not used
CVE-2025-54795 2025-08-05 N/A N/A
Claude Code is an agentic coding tool. In versions below 1.0.20, an error in command parsing makes it possible to bypass the Claude Code confirmation prompt to trigger execution of an untrusted command. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. This is fixed in version 1.0.20.
CVE-2025-54119 2025-08-05 N/A N/A
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To work around this issue, pass only controlled data to the $table parameter of the metaColumns(), metaForeignKeys() and metaIndexes() methods.
CVE-2025-54780 2025-08-05 N/A N/A
The glpi-screenshot-plugin allows users to take screenshots or screen recordings directly from GLPI. In versions below 2.0.2, an authenticated user can use the /ajax/screenshot.php endpoint to leak files from the system or use PHP wrappers. This is fixed in version 2.0.2.
CVE-2025-54130 2025-08-05 N/A N/A
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. Hence, if sensitive editor files, such as the .vscode/settings.json file, don't already exist in the workspace, an attacker can chain an indirect prompt injection vulnerability to hijack the context to write to the settings file and trigger RCE on the victim without user approval. This is fixed in version 1.3.9.