Latest CVE Feed
-
4.3
MEDIUMCVE-2025-57758
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5... Read more
Affected Products : contao- Published: Aug. 28, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-57759
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in... Read more
Affected Products : contao- Published: Aug. 28, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-58049
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive co... Read more
Affected Products : xwiki- Published: Aug. 28, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-9597
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attac... Read more
Affected Products : apartment_management_system- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9598
A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Performing manipulation of the argument txtXYear results in sql injection. The attack can be initiate... Read more
Affected Products : apartment_management_system- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9599
A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead to sql injection.... Read more
Affected Products : apartment_management_system- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9600
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType leads to sql inject... Read more
Affected Products : apartment_management_system- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9601
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched rem... Read more
Affected Products : apartment_management_system- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-9606
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Performing manipulation of the argument cod_agenda results in sql injection. The atta... Read more
Affected Products : i-educar- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-9607
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead... Read more
Affected Products : i-educar- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-9608
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. Remote expl... Read more
Affected Products : i-educar- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-40702
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more
Affected Products : openatlas- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-40703
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more
Affected Products : openatlas- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-40704
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more
Affected Products : openatlas- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-40705
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more
Affected Products : openatlas- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-40706
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote ... Read more
Affected Products : openatlas- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-22483
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application d... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-34164
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-9671
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application compon... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
10.0
CRITICALCVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal