Total: 310690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50582 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Course module. | ||||
| CVE-2025-50583 | 1 Daycloud | 1 Studentmanage | 2025-09-09 | 4.8 Medium |
| StudentManage v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Add A New Student module. | ||||
| CVE-2025-10115 | | | 2025-09-09 | 7.3 High |
| A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. Manipulation of the argument name/userName causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-1053 | 1 Broadcom | 1 Brocade Sannav | 2025-09-09 | 4.9 Medium |
| Under certain error conditions at time of SANnav installation or upgrade, the encryption key can be written into and obtained from a Brocade SANnav supportsave. An attacker with privileged access to the Brocade SANnav database could use the encryption key to obtain passwords used by Brocade SANnav. | ||||
| CVE-2024-7517 | 1 Brocade | 1 Fabric Os | 2025-09-09 | N/A |
| A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privilege escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | ||||
| CVE-2024-5461 | | | 2025-09-09 | N/A |
| The implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root. | ||||
| CVE-2025-9577 | 1 Totolink | 2 X2000r, X2000r Firmware | 2025-09-09 | 2.5 Low |
| A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface. The manipulation results in use of default credentials. Attacking locally is a requirement. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-49604 | | | 2025-09-09 | N/A |
| For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow. | ||||
| CVE-2025-9576 | 1 Seeedstudio | 2 Linkit Smart 7688, Linkit Smart 7688 Firmware | 2025-09-09 | 2.5 Low |
| A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55409 | 1 Foxcms | 1 Foxcms | 2025-09-09 | 8.8 High |
| In FoxCMS 1.2.6, there is a cross-site scripting (XSS) vulnerability in /index.php/article. This allows attackers to execute arbitrary code. | ||||
| CVE-2024-53499 | 2 Huayi-tec, Jeewms | 2 Jeewms, Jeewms | 2025-09-09 | 9.8 Critical |
| Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API. | ||||
| CVE-2025-55420 | 1 Foxcms | 1 Foxcms | 2025-09-09 | 8.8 High |
| A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input. | ||||
| CVE-2025-55371 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.3 Medium |
| Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method. | ||||
| CVE-2025-55370 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 8.8 High |
| Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value. | ||||
| CVE-2025-55368 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 8.8 High |
| Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. | ||||
| CVE-2025-9717 | 1 Zoneland | 1 O2oa | 2025-09-09 | 3.5 Low |
| A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_organization_assemble_control/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelName leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-55366 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.3 Medium |
| Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack. | ||||
| CVE-2025-55367 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.3 Medium |
| Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. | ||||
| CVE-2025-8840 | 2 Jishenghua, Jsherp Project | 2 Jsherp, Jserp | 2025-09-09 | 5.4 Medium |
| A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947. | ||||
| CVE-2025-9718 | 1 Zoneland | 1 O2oa | 2025-09-09 | 3.5 Low |
| A security flaw has been discovered in O2OA up to 10.0-410. This affects an unknown part of the file /x_processplatform_assemble_designer/jaxrs/process of the component Personal Profile Page. Performing manipulation of the argument name/alias results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version." | ||||