CVE-2025-7734 - GitLab Cross-Site Scripting (XSS)
CVE ID : CVE-2025-7734
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7734
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7739 - GitLab CE/EE Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-7739
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7739
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8754 - ABB AbilityTM zenon Missing Authentication for Critical Function
CVE ID : CVE-2025-8754
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8754
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8770 - GitLab EE Authentication Bypass Vulnerability
CVE ID : CVE-2025-8770
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8770
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8904 - Amazon EMR Kerberos Keytab File Disclosure
CVE ID : CVE-2025-8904
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8904
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8919 - Portabilis i-Diario Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8919
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8919
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8920 - Portabilis i-Diario Dicionário de Termos BNCC Page Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-8920
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8920
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8921 - Code-Projects Job Diary SQL Injection Vulnerability
CVE ID : CVE-2025-8921
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8921
Published : Aug. 13, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43989 - Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLIC Command Injection Vulnerability
CVE ID : CVE-2025-43989
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie (bypassing normal session checks), an unauthenticated attacker can use that parameter to execute arbitrary OS commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43989
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie (bypassing normal session checks), an unauthenticated attacker can use that parameter to execute arbitrary OS commands.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-45313 - Hortusfox Web XSS
CVE ID : CVE-2025-45313
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-45313
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8922 - Job Diary SQL Injection Vulnerability
CVE ID : CVE-2025-8922
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8922
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8923 - Code-Projects Job Diary SQL Injection Vulnerability
CVE ID : CVE-2025-8923
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8923
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8924 - Campcodes Online Water Billing System SQL Injection
CVE ID : CVE-2025-8924
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8924
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8925 - iSourcecode Sports Management System SQL Injection Vulnerability
CVE ID : CVE-2025-8925
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8925
Published : Aug. 13, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10009 - Apache S40 CMS Path Traversal Vulnerability
CVE ID : CVE-2011-10009
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10009
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10010 - QuickShare File Server FTP Path Traversal Vulnerability
CVE ID : CVE-2011-10010
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10010
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10011 - WeBid Remote Code Injection Vulnerability
CVE ID : CVE-2011-10011
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10011
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10012 - Impero Software NetOp Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2011-10012
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10012
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10013 - Traq Remote Code Execution Vulnerability
CVE ID : CVE-2011-10013
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10013
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10014 - GTA San Andreas Multiplayer (SA-MP) Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2011-10014
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10014
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2011-10015 - Cytel Studio Buffer Overflow Vulnerability
CVE ID : CVE-2011-10015
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2011-10015
Published : Aug. 13, 2025, 9:15 p.m. | 3 hours, 11 minutes ago
Description : Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...