Total
303318 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-7729 | 1 Scada-lts | 1 Scada-lts | 2025-07-18 | 3.5 Low |
A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0. | ||||
CVE-2025-7475 | 2 Code-projects, Fabianros | 2 Simple Car Rental System, Simple Car Rental System | 2025-07-18 | 7.3 High |
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-7477 | 2 Code-projects, Fabianros | 2 Simple Car Rental System, Simple Car Rental System | 2025-07-18 | 4.7 Medium |
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-22248 | 1 Broadcom | 2 Bitnami, Bitnami\/pgpool | 2025-07-18 | 7.5 High |
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart. | ||||
CVE-2025-44177 | 1 Wss | 1 Protop | 2025-07-18 | 8.2 High |
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. | ||||
CVE-2024-3366 | 1 Xuxueli | 1 Xxl-job | 2025-07-18 | 3.5 Low |
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480. | ||||
CVE-2025-53670 | 1 Jenkins | 1 Nouvola Divecloud | 2025-07-18 | 6.5 Medium |
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
CVE-2025-53669 | 1 Jenkins | 1 Vaddy | 2025-07-18 | 4.3 Medium |
Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
CVE-2025-53668 | 1 Jenkins | 1 Vaddy | 2025-07-18 | 6.5 Medium |
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
CVE-2025-53667 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-07-18 | 5.3 Medium |
Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
CVE-2025-53666 | 1 Jenkins | 1 Dead Man\'s Snitch | 2025-07-18 | 6.5 Medium |
Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
CVE-2025-53665 | 1 Jenkins | 1 Apica Loadtest | 2025-07-18 | 4.3 Medium |
Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. | ||||
CVE-2025-53664 | 1 Jenkins | 1 Apica Loadtest | 2025-07-18 | 6.5 Medium |
Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | ||||
CVE-2025-7753 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-7752 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-7751 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-7750 | 1 Anisha | 1 Online Appointment Booking System | 2025-07-18 | 7.3 High |
A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-36038 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-18 | 9 Critical |
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. | ||||
CVE-2025-3423 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-07-18 | 5.4 Medium |
IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2025-53652 | 1 Jenkins | 1 Git Parameter | 2025-07-18 | 8.2 High |
Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters. |