Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11119 | 1 Angeljudesuarez | 1 Hostel Management System | 2025-10-03 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-1497 | 1 Mljar | 1 Plotai | 2025-10-03 | N/A | 9.8 CRITICAL |
|
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.
Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.
|
|||||
| CVE-2025-5513 | 1 Quequnlong | 1 Shiyi-blog | 2025-10-03 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-10234 | 1 Scada-lts | 1 Scada-lts | 2025-10-02 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-10235 | 1 Scada-lts | 1 Scada-lts | 2025-10-02 | 3.3 LOW | 2.4 LOW |
|
A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-10366 | 1 Sourcefabric | 1 Rpi-jukebox-rfid | 2025-10-02 | 4.0 MEDIUM | 3.5 LOW |
|
A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-11112 | 1 Phpgurukul | 1 Employee Record Management System | 2025-10-02 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A security vulnerability has been detected in PHPGurukul Employee Record Management System 1.3. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-10271 | 1 10oa | 1 10oa | 2025-10-02 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-10272 | 1 10oa | 1 10oa | 2025-10-02 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-10274 | 1 10oa | 1 10oa | 2025-10-02 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-61588 | 2025-10-02 | N/A | N/A | ||
|
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected ve ...
Show More |
|||||
| CVE-2025-26260 | 1 Plenti | 1 Plenti | 2025-10-02 | N/A | 8.8 HIGH |
|
Plenti <= 0.7.16 is vulnerable to code execution. Users uploading '.svelte' files with the /postLocal endpoint can define the file name as javascript codes. The server executes the uploaded file name in host, and cause code execution.
|
|||||
| CVE-2025-2974 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3219 | 1 Perfexcrm | 1 Perfex Crm | 2025-10-02 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-51941 | 1 Apache | 1 Ambari | 2025-10-02 | N/A | 8.8 HIGH |
|
A remote code injection vulnerability exists in the Ambari Metrics and
AMS Alerts feature, allowing authenticated users to inject and execute
arbitrary code. The vulnerability occurs when processing alert
definitions, where malicious input can be injected into the alert script
execution path. An attacker with authenticated access can exploit this
vulnerability to execute arbitrary commands on the server. The issue has
been fixed in the latest versions of Ambari.
|
|||||
| CVE-2025-23307 | 1 Nvidia | 1 Nemo Curator | 2025-10-01 | N/A | 7.8 HIGH |
|
NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2025-23265 | 1 Nvidia | 1 Megatron-lm | 2025-10-01 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
|
|||||
| CVE-2025-23264 | 1 Nvidia | 1 Megatron-lm | 2025-10-01 | N/A | 7.8 HIGH |
|
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
|
|||||
| CVE-2024-44758 | 1 Nuserp | 1 Nus-m9 Erp | 2025-10-01 | N/A | 9.8 CRITICAL |
|
An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.
|
|||||
| CVE-2024-44757 | 1 Nuserp | 1 Nus-m9 Erp | 2025-10-01 | N/A | 7.5 HIGH |
|
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
|
|||||
| CVE-2025-5713 | 1 Isolucoesweb | 1 Solucoescoop | 2025-10-01 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
|
|||||
| CVE-2025-7053 | 1 Agentejo | 1 Cockpit | 2025-10-01 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.11.4 is able to address this issue. The patch is named bdcd5e3bc651c0839c7eea807f3eb6af856dbc76. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure a ...
Show More |
|||||
| CVE-2024-13080 | 1 Phpgurukul | 1 Land Record System | 2025-09-30 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11078 | 1 Anisha | 1 Job Recruitment | 2025-09-30 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-2097 | 2025-09-30 | N/A | 7.5 HIGH | ||
|
An authenticated malicious client can send a special LINQ query
to execute arbitrary code remotely (RCE) on the SCM server
from List control, and execute the arbitrary code on the same
system where SCMArchivedEventViewerTool is installed in the
case of SCM Tools.
|
|||||
| CVE-2024-7218 | 1 Oretnom23 | 1 School Log Management System | 2025-09-29 | 4.0 MEDIUM | 3.5 LOW |
|
A flaw has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=save_student. Executing manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
|
|||||
| CVE-2025-11125 | 2025-09-29 | 5.0 MEDIUM | 4.3 MEDIUM | ||
|
A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.php of the component Error Message Handler. Performing manipulation of the argument Error results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so ver ...
Show More |
|||||
| CVE-2025-11134 | 2025-09-29 | 3.3 LOW | 2.4 LOW | ||
|
A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-11137 | 2025-09-29 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue.
|
|||||
| CVE-2024-28005 | 1 Nec | 118 Aterm Cr2500p, Aterm Cr2500p Firmware, Aterm Mr01ln and 115 more | 2025-09-29 | N/A | 4.7 MEDIUM |
|
Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM35 ...
Show More |
|||||
| CVE-2024-9132 | 1 Arista | 1 Ng Firewall | 2025-09-29 | N/A | 8.1 HIGH |
|
The administrator is able to configure an insecure captive portal script
|
|||||
| CVE-2025-4469 | 1 Senior-walter | 1 Online Student Clearance System | 2025-09-27 | 3.3 LOW | 2.4 LOW |
|
A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-9738 | 1 Portabilis | 1 I-educar | 2025-09-27 | 4.0 MEDIUM | 3.5 LOW |
|
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-7868 | 1 Portabilis | 1 I-educar | 2025-09-27 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-7867 | 1 Portabilis | 1 I-educar | 2025-09-27 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-0295 | 1 Code-projects | 1 Online Book Shop | 2025-09-27 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-6807 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-09-27 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-31823 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2025-09-26 | N/A | 8.8 HIGH |
|
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the removeSecondaryImage method of the Publish.php component.
|
|||||
| CVE-2025-10946 | 2025-09-26 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
|
|||||
| CVE-2025-10945 | 2025-09-26 | 4.0 MEDIUM | 3.5 LOW | ||
|
A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
|
|||||