CVE-2022-38694 - Cisco BootRom Bootloader Unchecked Write Address Privilege Escalation Vulnerability
CVE ID : CVE-2022-38694
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-38694
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-38695 - Citrix BootRom Command Index Overflow Vulnerability
CVE ID : CVE-2022-38695
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-38695
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-38696 - "Microsoft BootRom Buffer Overflow Vulnerability"
CVE ID : CVE-2022-38696
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-38696
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58318 - Delta Electronics DIAView Authentication Bypass
CVE ID : CVE-2025-58318
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : Delta Electronics DIAView has an authentication bypass vulnerability.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58318
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : Delta Electronics DIAView has an authentication bypass vulnerability.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9768 - iSourcecode Sports Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9768
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9768
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9769 - D-Link DI-7400G+ Command Injection Vulnerability
CVE ID : CVE-2025-9769
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9769
Published : Sept. 1, 2025, 8:15 a.m. | 35 minutes ago
Description : A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9770 - Campcodes Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-9770
Published : Sept. 1, 2025, 9:15 a.m. | 3 hours, 36 minutes ago
Description : A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9770
Published : Sept. 1, 2025, 9:15 a.m. | 3 hours, 36 minutes ago
Description : A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9771 - SourceCodester Eye Clinic Management System SQL Injection
CVE ID : CVE-2025-9771
Published : Sept. 1, 2025, 9:15 a.m. | 3 hours, 36 minutes ago
Description : A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9771
Published : Sept. 1, 2025, 9:15 a.m. | 3 hours, 36 minutes ago
Description : A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9772 - RemoteClinic Unrestricted File Upload Vulnerability
CVE ID : CVE-2025-9772
Published : Sept. 1, 2025, 10:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9772
Published : Sept. 1, 2025, 10:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9773 - RemoteClinic Cross Site Scripting (XSS)
CVE ID : CVE-2025-9773
Published : Sept. 1, 2025, 10:15 a.m. | 2 hours, 36 minutes ago
Description : A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9773
Published : Sept. 1, 2025, 10:15 a.m. | 2 hours, 36 minutes ago
Description : A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9774 - RemoteClinic Information Disclosure Vulnerability
CVE ID : CVE-2025-9774
Published : Sept. 1, 2025, 11:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9774
Published : Sept. 1, 2025, 11:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9775 - RemoteClinic Arbitrary File Upload Vulnerability
CVE ID : CVE-2025-9775
Published : Sept. 1, 2025, 11:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9775
Published : Sept. 1, 2025, 11:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36133 - IBM App Connect Enterprise Certified Container Log Information Disclosure Vulnerability
CVE ID : CVE-2025-36133
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36133
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9778 - Tenda W12 Hard-Coded Credentials Vulnerability
CVE ID : CVE-2025-9778
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9778
Published : Sept. 1, 2025, 12:15 p.m. | 36 minutes ago
Description : A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.
Severity: 1.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12914 - Akınsoft QR Menü Cross-Site Scripting (XSS)
CVE ID : CVE-2024-12914
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12914
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12924 - Akınsoft QR Menü Open Redirect Vulnerability
CVE ID : CVE-2024-12924
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12924
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12925 - Akınsoft QR Menü Certificate Validation HTTP Response Splitting
CVE ID : CVE-2024-12925
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12925
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.This issue affects QR Menü: from s1.05.05 before v1.05.12.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-0610 - Akınsoft QR Menü CSRF
CVE ID : CVE-2025-0610
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-0610
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2412 - Akinsoft QR Menu Authentication Bypass
CVE ID : CVE-2025-2412
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.This issue affects QR Menu: from s1.05.07 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2412
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.This issue affects QR Menu: from s1.05.07 before v1.05.12.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9779 - TOTOLINK A702R Remote Buffer Overflow Vulnerability
CVE ID : CVE-2025-9779
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9779
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9780 - TOTOLINK A702R Buffer Overflow Vulnerability
CVE ID : CVE-2025-9780
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9780
Published : Sept. 1, 2025, 1:15 p.m. | 3 hours, 37 minutes ago
Description : A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...