Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
No results found.
Remaining NVD entries (unprocessed / no code available): ~294398 :
Date | Id | Summary | Products | Score | Patch |
---|---|---|---|---|---|
2025-06-30 | CVE-2025-36593 | Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request. | N/A | N/A | |
2025-06-30 | CVE-2025-52898 | Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's password reset token. This can only be exploited on self hosted instances configured in a certain way. Frappe Cloud users are safe. This issue has been patched in versions 14.94.3 and 15.58.0. Workarounds for this issue involve verifying password reset URLs before clicking on them or upgrading for self hosted users. | N/A | N/A | |
2025-06-30 | CVE-2025-6917 | A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The manipulation of the argument uname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | N/A | 7.3 | |
2025-06-30 | CVE-2025-6925 | A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond... | N/A | N/A | |
2025-06-30 | CVE-2025-26074 | Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. | N/A | N/A | |
2025-06-30 | CVE-2025-45143 | string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input. | N/A | N/A | |
2025-06-30 | CVE-2025-45931 | An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file | N/A | N/A |