Search
Search Results (336956 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13379 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-10-24 | 9.1 Critical |
| An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. | ||||
| CVE-2018-13382 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-10-24 | 9.1 Critical |
| An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests | ||||
| CVE-2025-6239 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-10-24 | 6.5 Medium |
| Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor. | ||||
| CVE-2025-39898 | 1 Linux | 1 Linux Kernel | 2025-10-24 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-11677 | 1 Warmcat | 1 Libwebsockets | 2025-10-24 | 3.7 Low |
| Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service. | ||||
| CVE-2025-61488 | 1 Slims | 1 Senayan Library Management System | 2025-10-24 | 7.6 High |
| An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter | ||||
| CVE-2025-10612 | 1 Gisoft | 1 City Guide | 2025-10-24 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Guide: before 1.4.45. | ||||
| CVE-2025-56450 | 1 Log2space | 1 Subscriber Management Software | 2025-10-24 | 6.5 Medium |
| Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the `lead_id` parameter in the `/l2s/api/selfcareLeadHistory` endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. The backend fails to sanitize the user input, allowing enumeration of database schemas, table names, and potentially leading to full database compromise. | ||||
| CVE-2025-11151 | 1 Beyaz Bilgisayar | 1 Cityplus | 2025-10-24 | 8.2 High |
| Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pages.This issue affects CityPLus: before V24.29500.1.0. | ||||
| CVE-2025-9574 | 1 Abb | 2 Als-mini-s4, Als-mini-s8 | 2025-10-24 | 10 Critical |
| Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166 | ||||
| CVE-2025-62835 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62834 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62833 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62832 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62831 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62830 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62829 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62828 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2025-62827 | 2025-10-24 | N/A | ||
| Not used | ||||
| CVE-2024-57777 | 1 Lanproxy Project | 1 Lanproxy | 2025-10-23 | 5.1 Medium |
| Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain sensitive information | ||||