Export limit exceeded: 10736 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10736 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10428 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-18 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10427 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-18 | 6.3 Medium |
| A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10425 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-18 | 7.3 High |
| A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2025-10424 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-18 | 7.3 High |
| A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2023-49564 | 1 Nokia | 2 Cbis, Ncs | 2025-09-18 | 8.8 High |
| The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine. The risk can be partially mitigated by restricting access to the management network using external firewall. | ||||
| CVE-2025-56274 | 1 Seniorwalter | 1 Web-based Pharmacy Product Management System | 2025-09-18 | 8.1 High |
| SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users. | ||||
| CVE-2024-25501 | 2 Winmail, Winmail Project | 2 Winmail, Winmail | 2025-09-18 | 8.8 High |
| An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter. | ||||
| CVE-2024-28152 | 1 Jenkins | 1 Bitbucket Branch Source | 2025-09-18 | 6.3 Medium |
| In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server. | ||||
| CVE-2024-24386 | 1 Vitalpbx | 1 Vitalpbx | 2025-09-18 | 7.2 High |
| An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder. | ||||
| CVE-2024-51525 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.2 Medium |
| Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42039 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 4.3 Medium |
| Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42038 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 8.8 High |
| Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2024-42036 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 2.5 Low |
| Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-42033 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 6.9 Medium |
| Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | ||||
| CVE-2024-42032 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | 4.4 Medium |
| Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-41248 | 1 Vmware | 1 Spring Security | 2025-09-18 | 7.5 High |
| The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected by this if you are not using @EnableMethodSecurity or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41249 https://spring.io/security/cve-2025-41249 . | ||||
| CVE-2025-56405 | 1 Litmus | 1 Mcp Server | 2025-09-17 | 7.5 High |
| An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol. | ||||
| CVE-2025-58751 | 1 Vitejs | 1 Vite | 2025-09-17 | 5.3 Medium |
| Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue. | ||||
| CVE-2025-58752 | 1 Vitejs | 1 Vite | 2025-09-17 | 5.3 Medium |
| Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue. | ||||
| CVE-2025-54391 | 1 Zimbra | 1 Collaboration Suite | 2025-09-17 | 9.1 Critical |
| A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method (either a third-party authenticator app or email-based 2FA) without presenting a valid authentication token or proving access to an already configured 2FA method. This bypasses 2FA and results in unauthorized access to accounts that are otherwise protected by 2FA. | ||||