Total
9870 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0771 | 1 Advantech | 1 Advantech Webaccess | 2025-09-19 | N/A |
| The BWOCXRUN.BwocxrunCtrl.1 control contains a method named “OpenUrlToBuffer.” This method takes a URL as a parameter and returns its contents to the caller in JavaScript. The URLs are accessed in the security context of the current browser session. The control does not perform any URL validation and allows “file://” URLs that access the local disk. The method can be used to open a URL (including file URLs) and read file URLs through JavaScript. This method could also be used to reach any arbitrary URL to which the browser has access. | ||||
| CVE-2025-46720 | 1 Keystonejs | 1 Keystone | 2025-09-19 | 3.1 Low |
| Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely. | ||||
| CVE-2023-49367 | 1 Kyocera | 1 Command Center Rx | 2025-09-19 | 8.8 High |
| An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user. | ||||
| CVE-2023-50894 | 1 Janitza | 1 Gridvis | 2025-09-19 | 8.8 High |
| In Janitza GridVis through 9.0.66, use of hard-coded credentials in the de.janitza.pasw.feature.impl.activators.PasswordEncryption password encryption function allows remote authenticated administrative users to discover cleartext database credentials contained in error report information. | ||||
| CVE-2025-22612 | 2 Coollabs, Coollabsio | 2 Coolify, Coolify | 2025-09-19 | 10 Critical |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve any existing private keys on a coolify instance in plain text. If the server configuration of IP / domain, port (most likely 22) and user (root) matches with the victim's server configuration, then the attacker can execute arbitrary commands on the remote server. Version 4.0.0-beta.374 fixes the issue. | ||||
| CVE-2025-55190 | 2 Argoproj, Redhat | 3 Argo-cd, Argo Cd, Openshift Gitops | 2025-09-19 | 10 Critical |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2. | ||||
| CVE-2025-22607 | 1 Coollabs | 1 Coolify | 2025-09-19 | 5.5 Medium |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to fetch the details page for any GitHub / GitLab configuration on a Coolify instance by only knowing the UUID of the model. This exposes the "client id", "client secret" and "webhook secret." Version 4.0.0-beta.361 fixes this issue. | ||||
| CVE-2024-3689 | 1 Zoneland | 1 O2oa | 2025-09-19 | 3.7 Low |
| A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260478 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-25011 | 1 Ericsson | 2 Catalog Manager, Order Care | 2025-09-19 | 5.3 Medium |
| Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue. | ||||
| CVE-2025-10607 | 1 Portabilis | 1 I-educar | 2025-09-18 | 4.3 Medium |
| A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Avaliacao/diarioApi. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2024-45336 | 1 Redhat | 8 Acm, Ceph Storage, Enterprise Linux and 5 more | 2025-09-18 | 6.1 Medium |
| The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2. | ||||
| CVE-2024-27356 | 3 Gl-i, Gl-inet, Gl.inet | 58 X1200, 0300, A1300 and 55 more | 2025-09-18 | 7.5 High |
| An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203. | ||||
| CVE-2024-24720 | 1 Innovaphone | 1 Innovaphone Pbx | 2025-09-18 | 5.3 Medium |
| An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system. | ||||
| CVE-2024-27456 | 1 Rylabs | 1 Rack Cors Middleware | 2025-09-18 | 9.1 Critical |
| rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. | ||||
| CVE-2024-36033 | 1 Linux | 1 Linux Kernel | 2025-09-18 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware. | ||||
| CVE-2025-9908 | 2025-09-17 | 6.7 Medium | ||
| No description is available for this CVE. | ||||
| CVE-2025-9907 | 2025-09-17 | 6.7 Medium | ||
| No description is available for this CVE. | ||||
| CVE-2025-58751 | 1 Vitejs | 1 Vite | 2025-09-17 | 5.3 Medium |
| Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue. | ||||
| CVE-2025-58752 | 1 Vitejs | 1 Vite | 2025-09-17 | 5.3 Medium |
| Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue. | ||||
| CVE-2025-26711 | 1 Zte | 1 T5400 | 2025-09-17 | 5.7 Medium |
| There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface. | ||||