CVE-2025-8312 - Devolutions Server PAM Deadlock Password Persistence Vulnerability
CVE ID : CVE-2025-8312
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service. This issue affects the following version(s): Devolutions Server 2025.2.5.0 and earlier.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8353 - Devolutions Server JIT Group Access Bypass Vulnerability
CVE ID : CVE-2025-8353
Published : July 30, 2025, 4:15 p.m. | 1 hour, 47 minutes ago
Description : UI synchronization issue in the Just-in-Time (JIT) access request approval interface in Devolutions Server 2025.2.4.0 and earlier allows a remote authenticated attacker to gain unauthorized access to deleted JIT Groups via stale UI state during standard checkout request processing.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45955 - Rocket Software Rocket Zena SQL Injection Vulnerability
CVE ID : CVE-2024-45955
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25691 - PrestaShop PHAR Deserialization Code Execution Vulnerability
CVE ID : CVE-2025-25691
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25692 - PrestaShop PHAR Deserialization Remote Code Execution Vulnerability
CVE ID : CVE-2025-25692
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36611 - Dell Encryption Link Following Privilege Escalation Vulnerability
CVE ID : CVE-2025-36611
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45619 - Aver PTC310UV2 Remote Code Execution Vulnerability
CVE ID : CVE-2025-45619
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45620 - Aver PTC310UV2 Information Disclosure
CVE ID : CVE-2025-45620
Published : July 30, 2025, 5:15 p.m. | 47 minutes ago
Description : An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30480 - Dell PowerProtect Data Manager Arbitrary File Read Vulnerability
CVE ID : CVE-2025-30480
Published : July 30, 2025, 6:15 p.m. | 3 hours, 47 minutes ago
Description : Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8327 - Code-projects Exam Form Submission SQL Injection Vulnerability
CVE ID : CVE-2025-8327
Published : July 30, 2025, 6:15 p.m. | 3 hours, 47 minutes ago
Description : A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8328 - Apache Exam Form Submission SQL Injection Vulnerability
CVE ID : CVE-2025-8328
Published : July 30, 2025, 6:15 p.m. | 3 hours, 47 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30103 - Dell SmartFabric OS10 Local Filesystem Access Vulnerability
CVE ID : CVE-2025-30103
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : Dell SmartFabric OS10 Software, versions prior to 10.6.0.5 contains a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36608 - Dell SmartFabric OS10 XML External Entity Reference Denial of Service
CVE ID : CVE-2025-36608
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36609 - Dell SmartFabric OS10 Hard-coded Password Elevation of Privileges
CVE ID : CVE-2025-36609
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : Dell SmartFabric OS10 Software, versions prior to 10.6.0.5, contains a Use of Hard-coded Password vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50464 - Iptime NAS Firmware Buffer Overflow Vulnerability
CVE ID : CVE-2025-50464
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (v8, allocated 8 bytes) without bounds checking. Since this operation occurs before authentication logic is executed, the vulnerability is exploitable pre-authentication.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50777 - AZIOT Smart Wi-Fi CCTV Camera Root Shell Access Vulnerability
CVE ID : CVE-2025-50777
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51951 - Andisearch Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-51951
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : andisearch v0.5.249 was discovered to contain a cross-site scripting (XSS) vulnerability.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8329 - Oracle Vehicle Management SQL Injection
CVE ID : CVE-2025-8329
Published : July 30, 2025, 7:15 p.m. | 2 hours, 47 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-48916 - Ceph JWT Algorithm Validation Bypass Vulnerability
CVE ID : CVE-2024-48916
Published : July 30, 2025, 8:15 p.m. | 1 hour, 47 minutes ago
Description : Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send a JWT that has "none" as its JWT alg, and by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51954 - ElectronHub AI Playground XSS
CVE ID : CVE-2025-51954
Published : July 30, 2025, 8:15 p.m. | 1 hour, 47 minutes ago
Description : playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52187 - Apache GetProjectsIdea School Management System XSS
CVE ID : CVE-2025-52187
Published : July 30, 2025, 8:15 p.m. | 1 hour, 47 minutes ago
Description : GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...