CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-59951 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured wi... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-61587 Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-61690 KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | 7.8 | HIGH | — | 0 |
| CVE-2025-61583 TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in th... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-61588 RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls s... | N/A | NONE | — | 0 |
| CVE-2025-61849 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-61850 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-61851 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-61852 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-61853 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-61854 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-61855 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-11020 An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny ... | 8.8 | HIGH | — | 0 |
| CVE-2025-11182 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal. This issue affects Chan... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-11221 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Funct... | 8.8 | HIGH | — | 0 |
| CVE-2025-58775 KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | 7.8 | HIGH | — | 0 |
| CVE-2025-58776 KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | 7.8 | HIGH | — | 0 |
| CVE-2025-58777 VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | 7.8 | HIGH | — | 0 |
| CVE-2025-61691 VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | 7.8 | HIGH | — | 0 |
| CVE-2025-61692 VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product. | 7.8 | HIGH | — | 0 |
| CVE-2025-9697 The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-40645 Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/w... | N/A | NONE | — | 0 |
| CVE-2025-54468 A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoi... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-40989 Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-40990 Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-40991 Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting t... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-40992 Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vuln... | N/A | NONE | — | 0 |
| CVE-2024-58260 A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to... | 7.6 | HIGH | — | 0 |
| CVE-2025-11239 Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown t... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-11240 An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when ... | 7.2 | HIGH | — | 0 |
| CVE-2025-22862 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2.0 through 7.2.11, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 thr... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-41010 Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request ... | N/A | NONE | — | 0 |
| CVE-2023-28760 TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to... | 7.5 | HIGH | — | 0 |
| CVE-2025-53881 A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root. This issue affects Tumbleweed: from ? before 4.... | N/A | NONE | — | 0 |
| CVE-2025-56379 A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the content... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-56380 Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname paramete... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-56381 ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-59735 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59736 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59737 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59738 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59739 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59740 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-57443 FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the Fro... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-59741 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The rela... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59742 SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59743 SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59744 Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”. | 7.5 | HIGH | — | 0 |
| CVE-2025-59745 Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for... | 7.5 | HIGH | — | 0 |
| CVE-2025-59746 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. ... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.