5.3
CVE-2025-14516 - Yalantis uCrop URL com.yalantis.ucrop.task.BitmapLoadTask.java downloadFile server-side request for…
A vulnerability was found in Yalantis uCrop 2.2.11. Affected by this issue is the function downloadFile of the file com.yalantis.ucrop.task.BitmapLoadTask.java of the component URL Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. The exp…
7.6
CVE-2025-13003 - IDOR in Aksis Computer's AxOnboard
Authorization Bypass Through User-Controlled Key vulnerability in Aksis Computer Services and Consulting Inc. AxOnboard allows Exploitation of Trusted Identifiers.This issue affects AxOnboard: from 3.2.0 before 3.3.0.
6.9
CVE-2025-14515 - Campcodes Supplier Management System add_unit.php sql injection
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been …
6.9
CVE-2025-14514 - Campcodes Supplier Management System add_distributor.php sql injection
A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us…
6.5
CVE-2025-64995 - Privilege Escalation via Process Hijacking in 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting…
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Exchange-NomadClientHealth-ConfigureGeneralSetting instruction prior V3.4. Improper protection of the execution path on the local device allows attackers, with local access to the devic…
6.5
CVE-2025-64994 - Privilege Escalation via Uncontrolled Search Path in 1E-Nomad-SetWorkRate instruction
A privilege escalation vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-SetWorkRate instruction prior V17.1. The improper handling of executable search paths could allow local attackers with write access to a PATH directory on a device to escalate pri…
6.8
CVE-2025-64993 - Command Injection in 1E-ConfigMgrConsoleExtensions Instructions
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-ConfigMgrConsoleExtensions instructions. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote exec…
6.8
CVE-2025-64992 - Command Injection in 1E-Nomad-PauseNomadJobQueue Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-PauseNomadJobQueue instruction prior V25. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remo…
6.8
CVE-2025-64991 - Command Injection in 1E-PatchInsights-Deploy Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-PatchInsights-Deploy instruction prior V15. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation enables remote e…
6.8
CVE-2025-64990 - Command Injection in 1E-Explorer-TachyonCore-LogoffUser Instruction
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-LogoffUser instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands. Exploitation ena…