Total
304919 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54395 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 6.1 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data. | ||||
| CVE-2025-50692 | 1 Foxcms | 1 Foxcms | 2025-08-12 | 9.8 Critical |
| FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. | ||||
| CVE-2025-47183 | 1 Gstreamer | 1 Gstreamer | 2025-08-12 | 6.6 Medium |
| In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. | ||||
| CVE-2023-41526 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters. | ||||
| CVE-2025-54397 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 4.3 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users. | ||||
| CVE-2025-47806 | 1 Gstreamer | 1 Gstreamer | 2025-08-12 | 5.6 Medium |
| In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. | ||||
| CVE-2023-41531 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 8.8 High |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters. | ||||
| CVE-2025-54393 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 5.4 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access. | ||||
| CVE-2023-41528 | 2 Hospital Management System, Kishan0725 | 2 Hospital Management System, Hospital Management System | 2025-08-12 | 9.8 Critical |
| Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters. | ||||
| CVE-2025-54396 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 5.4 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. | ||||
| CVE-2025-55077 | 1 Tyler Technologies | 1 Erp Pro 9 Saas | 2025-08-12 | 7.4 High |
| Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01. | ||||
| CVE-2025-48709 | 1 Bmc | 1 Control-m | 2025-08-12 | N/A |
| An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations. | ||||
| CVE-2025-54392 | 1 Netwrix | 1 Directory Manager | 2025-08-12 | 6.1 Medium |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189. | ||||
| CVE-2025-47808 | 1 Gstreamer | 1 Gstreamer | 2025-08-12 | 5.6 Medium |
| In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | ||||
| CVE-2025-20697 | 1 Mediatek | 29 Mt2718, Mt6761, Mt6765 and 26 more | 2025-08-12 | 6.7 Medium |
| In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795. | ||||
| CVE-2025-8585 | 1 Libav | 1 Libav | 2025-08-12 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-54626 | 1 Huawei | 1 Harmonyos | 2025-08-12 | 4.4 Medium |
| Pointer dangling vulnerability in the cjwindow module. Impact: Successful exploitation of this vulnerability may affect function stability. | ||||
| CVE-2025-50592 | 1 Seacms | 1 Seacms | 2025-08-12 | 5.4 Medium |
| Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. | ||||
| CVE-2025-29745 | 1 Emsisoft | 1 Anti-malware | 2025-08-12 | 7.5 High |
| A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file. | ||||
| CVE-2025-51857 | 1 Halo | 1 Halo | 2025-08-12 | 6.1 Medium |
| The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks. | ||||