Search
Search Results (343836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49406 | 2 Favethemes, Wordpress | 2 Houzez, Wordpress | 2025-08-21 | 5.3 Medium |
| Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1. | ||||
| CVE-2025-53191 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-53190 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-53189 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-53188 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2025-08-21 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-57832 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57831 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57830 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57829 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57828 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57827 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57826 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57825 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2025-57824 | 2025-08-21 | N/A | ||
| Not used | ||||
| CVE-2024-27349 | 1 Apache | 2 Hugegraph, Hugegraph-server | 2025-08-21 | 9.1 Critical |
| Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. | ||||
| CVE-2025-48757 | 2025-08-21 | 9.3 Critical | ||
| An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a responsibility over protecting the data of their application. | ||||
| CVE-2024-34449 | 1 B3log | 1 Vditor | 2025-08-21 | 6.1 Medium |
| Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true. | ||||
| CVE-2024-6184 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability classified as critical was found in Ruijie RG-UAC 1.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6186 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument ad_log_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6187 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/sub_commit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||