Total
5582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22894 | 1 Ivanti | 1 Connect Secure | 2025-11-03 | 8.8 High |
| A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room. | ||||
| CVE-2021-22900 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2025-11-03 | 7.2 High |
| A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | ||||
| CVE-2021-44529 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2025-11-03 | 9.8 Critical |
| A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). | ||||
| CVE-2025-12280 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-11-03 | 2.4 Low |
| A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-12281 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-11-03 | 2.4 Low |
| A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12282 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-11-03 | 2.4 Low |
| A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-12303 | 1 Phpgurukul | 1 Curfew E-pass Management System | 2025-11-03 | 2.4 Low |
| A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing manipulation of the argument adminname/email can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-12302 | 2 Code-projects, Fabian | 2 Simple Food Ordering System, Simple Food Ordering System | 2025-11-03 | 4.3 Medium |
| A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-12300 | 2 Code-projects, Fabian | 2 Simple Food Ordering System, Simple Food Ordering System | 2025-11-03 | 4.3 Medium |
| A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-12299 | 2 Code-projects, Fabian | 2 Simple Food Ordering System, Simple Food Ordering System | 2025-11-03 | 4.3 Medium |
| A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-12298 | 2 Code-projects, Fabian | 2 Simple Food Ordering System, Simple Food Ordering System | 2025-11-03 | 4.3 Medium |
| A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2018-14667 | 1 Redhat | 5 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 2 more | 2025-11-03 | 9.8 Critical |
| The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | ||||
| CVE-2025-12334 | 2 Code-projects, Fabian | 2 E-commerce Website, E-commerce Website | 2025-10-31 | 4.3 Medium |
| A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-12332 | 2 Remyandrade, Sourcecodester | 2 Student Grades Management System, Student Grades Management System | 2025-10-31 | 2.4 Low |
| A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2025-12335 | 2 Code-projects, Fabian | 2 E-commerce Website, E-commerce Website | 2025-10-31 | 4.3 Medium |
| A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-12269 | 1 Learnhouse | 1 Learnhouse | 2025-10-31 | 3.5 Low |
| A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8221 | 1 Jerryshensjf | 1 Jpacookieshop | 2025-10-31 | 4.3 Medium |
| A vulnerability classified as problematic was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this vulnerability is the function goodsSearch of the file GoodsCustController.java. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-8222 | 1 Jerryshensjf | 1 Jpacookieshop | 2025-10-31 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. Multiple endpoints are affected. | ||||
| CVE-2025-23061 | 1 Mongoosejs | 1 Mongoose | 2025-10-31 | 9 Critical |
| Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900. | ||||
| CVE-2023-41179 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2025-10-31 | 7.2 High |
| A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | ||||