Total: 4021 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43207 | 1 Apple | 1 Macos | 2025-09-17 | 5.5 Medium |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43208 | 1 Apple | 1 Macos | 2025-09-17 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information. | ||||
| CVE-2025-43263 | 1 Apple | 1 Xcode | 2025-09-17 | 7.1 High |
| The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox. | ||||
| CVE-2025-24088 | 1 Apple | 1 Macos | 2025-09-17 | 7.5 High |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles. | ||||
| CVE-2025-24197 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2025-09-17 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-31268 | 1 Apple | 1 Macos | 2025-09-17 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data. | ||||
| CVE-2025-10427 | 1 Sourcecodester | 1 Pet Grooming Management Software | 2025-09-17 | 6.3 Medium |
| A weakness has been identified in SourceCodester Pet Grooming Management Software 1.0. This impacts an unknown function of the file /admin/operation/user.php. Executing manipulation of the argument website_image can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10428 | 1 Sourcecodester | 1 Pet Grooming Management Software | 2025-09-17 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Affected is an unknown function of the file /admin/seo_setting.php of the component Setting Handler. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-10491 | 2 Microsoft, Mongodb | 2 Windows, Mongodb | 2025-09-17 | 7.8 High |
| The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories, allowing a local attacker to introduce executable code to MongoDB's process via DLL hijacking. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.21 and MongoDB Server v8.0 versions prior to 8.0.5. | ||||
| CVE-2025-10480 | 1 Sourcecodester | 1 Online Student File Management System | 2025-09-17 | 6.3 Medium |
| A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-10447 | 1 Campcodes | 1 Online Job Finder System | 2025-09-17 | 7.3 High |
| A vulnerability was detected in Campcodes Online Job Finder System 1.0. The impacted element is an unknown function of the file /eris/applicationform.php. The manipulation of the argument picture results in unrestricted upload. It is possible to launch the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2025-8841 | 2 Microservices-platform Project, Zlt2000 | 2 Microservices-platform, Microservices-platform | 2025-09-16 | 6.3 Medium |
| A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-56274 | | | 2025-09-16 | 8.1 High |
| SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users. | ||||
| CVE-2025-55244 | 1 Microsoft | 2 Azure, Azure Ai Bot Service | 2025-09-16 | 9 Critical |
| Azure Bot Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-55238 | 1 Microsoft | 2 365, Dynamics 365 | 2025-09-16 | 7.5 High |
| Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability | ||||
| CVE-2025-54914 | 1 Microsoft | 1 Azure | 2025-09-16 | 10 Critical |
| Azure Networking Elevation of Privilege Vulnerability | ||||
| CVE-2025-53791 | 1 Microsoft | 1 Edge Chromium | 2025-09-16 | 4.7 Medium |
| Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2025-54116 | | | 2025-09-16 | 7.3 High |
| Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54098 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-16 | 7.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49692 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2025-09-16 | 7.8 High |
| Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | ||||