Export limit exceeded: 10163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6466 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50692 | 1 Foxcms | 1 Foxcms | 2025-08-14 | 9.8 Critical |
| FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. | ||||
| CVE-2024-22348 | 1 Ibm | 2 Devops Velocity, Urbancode Velocity | 2025-08-14 | 5.3 Medium |
| IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | ||||
| CVE-2025-50706 | 1 Thinkphp | 1 Thinkphp | 2025-08-14 | 9.8 Critical |
| An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function | ||||
| CVE-2025-50707 | 1 Thinkphp | 1 Thinkphp | 2025-08-14 | 9.8 Critical |
| An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component | ||||
| CVE-2025-8918 | 1 Portabilis | 1 I-educar | 2025-08-14 | 2.4 Low |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-54997 | 2 Openbao, Openbao Project | 2 Openbao, Openbao | 2025-08-13 | 9.1 Critical |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. To workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way. | ||||
| CVE-2025-6000 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2025-08-13 | 9.1 Critical |
| A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. | ||||
| CVE-2025-46725 | 1 Langroid | 1 Langroid | 2025-08-13 | 9.8 Critical |
| Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through `QueryPlan.dataframe_calc]`) compromising the host system. Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation. | ||||
| CVE-2025-7109 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7110 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7112 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7111 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7113 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7866 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7869 | 1 Portabilis | 1 I-educar | 2025-08-13 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8346 | 1 Portabilis | 1 I-educar | 2025-08-13 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%27)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2867 | 1 Gitlab | 1 Gitlab | 2025-08-13 | 4.4 Medium |
| An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. | ||||
| CVE-2025-3149 | 1 Itning | 1 Student-homework-management-system | 2025-08-13 | 2.4 Low |
| A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-8785 | 1 Portabilis | 1 I-educar | 2025-08-12 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educar_usuario_lst.php. The manipulation of the argument nm_pessoa/matricula/matricula_interna leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8784 | 1 Portabilis | 1 I-educar | 2025-08-12 | 3.5 Low |
| A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.9. This vulnerability affects unknown code of the file /intranet/funcionario_vinculo_cad.php of the component Cadastrar Vínculo Page. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||