Total
313614 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11555 | 1 Campcodes | 1 Online Learning Management System | 2025-10-10 | 7.3 High |
| A vulnerability was detected in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/calendar_of_events.php. The manipulation of the argument date_start results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-11553 | 1 Code-projects | 1 Courier Management System | 2025-10-10 | 6.3 Medium |
| A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11486 | 2 Janobe, Sourcecodester | 2 Farm Management System, Farm Management System | 2025-10-10 | 6.3 Medium |
| A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2024-27351 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Openstack and 3 more | 2025-10-10 | 5.3 Medium |
| In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. | ||||
| CVE-2025-1364 | 1 Escanav | 1 Escan Anti-virus | 2025-10-10 | 5.3 Medium |
| A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this vulnerability is the function passPrompt of the component USB Protection Service. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-41969 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later. | ||||
| CVE-2023-41972 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2025-0972 | 1 Zenvia | 1 Movidesk | 2025-10-10 | 3.5 Low |
| A vulnerability classified as problematic has been found in Zenvia Movidesk up to 25.01.22. This affects an unknown part of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-0971 | 1 Zenvia | 1 Movidesk | 2025-10-10 | 3.5 Low |
| A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Account/EditProfile of the component Profile Editing. The manipulation of the argument username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2025-0970 | 1 Zenvia | 1 Movidesk | 2025-10-10 | 4.3 Medium |
| A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /Account/Login. The manipulation of the argument ReturnUrl leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 25.01.22.245a473c54 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-41973 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2024-23482 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7 High |
| The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later. | ||||
| CVE-2025-59980 | 1 Juniper | 1 Junos | 2025-10-10 | 6.5 Medium |
| An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can login without providing the configured password and then has read-write access to their home directory. This issue affects Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2. | ||||
| CVE-2025-11450 | 1 Servicenow | 1 Servicenow | 2025-10-10 | N/A |
| ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link. ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so. | ||||
| CVE-2024-2134 | 1 Bdtask | 1 Hospital Automanager | 2025-10-10 | 4.3 Medium |
| A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255496. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2135 | 1 Bdtask | 1 Hospital Automanager | 2025-10-10 | 2.4 Low |
| A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospital_activities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input <img src=a onerror=alert(1)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255497 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-34248 | 1 D-link | 1 Nuclias Connect | 2025-10-10 | N/A |
| D-Link Nuclias Connect firmware versions < 1.3.1.4 contain a directory traversal vulnerability within /api/web/dnc/global/database/deleteBackup due to improper sanitization of the deleteBackupList parameter. This can allow an authenticated attacker to delete arbitrary files impacting the integrity and availability of the system. | ||||
| CVE-2025-30258 | 1 Gnupg | 1 Gnupg | 2025-10-10 | 2.7 Low |
| In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." | ||||
| CVE-2025-59286 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-10 | 6.5 Medium |
| Copilot Spoofing Vulnerability | ||||
| CVE-2025-59272 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-10 | 6.5 Medium |
| Copilot Spoofing Vulnerability | ||||