Vulnerability Summary for the Week of August 11, 2025
Released
Aug 18, 2025
Document ID
SB25-230
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Sales Management System | A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8932 |
| 1000 Projects--Sales Management System | A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8935 |
| 1000 Projects--Sales Management System | A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8936 |
| 2100 Technology--Official Document Management System | Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. | 2025-08-11 | 9.8 | CVE-2025-8853 |
| 48hmorris--Assistant for NextGEN Gallery | The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server, which can cause a complete loss of availability. | 2025-08-15 | 7.5 | CVE-2025-7641 |
| ABB--ABB AbilityTM zenon | Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon.This issue affects ABB AbilityTM zenon: from 7.50 through 14. | 2025-08-13 | 7.5 | CVE-2025-8754 |
| ABB--ASPECT | Improper Control of Generation of Code ('Code Injection') vulnerability in ABB ASPECT.This issue affects ASPECT: before <3.08.04-s01. | 2025-08-11 | 7 | CVE-2025-53187 |
| ABB--Aspect | Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01. | 2025-08-11 | 7 | CVE-2025-53188 |
| ABB--Aspect | Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01. | 2025-08-11 | 7 | CVE-2025-53189 |
| ABB--Aspect | A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01. | 2025-08-11 | 7 | CVE-2025-53190 |
| ABB--Aspect | Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01. | 2025-08-11 | 7.7 | CVE-2025-53191 |
| ABB--Aspect | Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions. | 2025-08-11 | 7.4 | CVE-2025-7679 |
| Acato--WP REST Cache | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0. | 2025-08-14 | 7.5 | CVE-2025-52716 |
| Adobe--Adobe Commerce | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed. | 2025-08-12 | 8.1 | CVE-2025-49555 |
| Adobe--Adobe Commerce | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. | 2025-08-12 | 8.7 | CVE-2025-49557 |
| Adobe--Adobe Commerce | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | 2025-08-12 | 7.5 | CVE-2025-49554 |
| Adobe--Adobe Commerce | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged. | 2025-08-12 | 7.5 | CVE-2025-49556 |
| Adobe--Adobe Framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54229 |
| Adobe--Adobe Framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54230 |
| Adobe--Adobe Framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54231 |
| Adobe--Adobe Framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54232 |
| Adobe--Animate | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49561 |
| Adobe--Illustrator | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49563 |
| Adobe--Illustrator | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49564 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54215 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54216 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54217 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54218 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54219 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54220 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54221 |
| Adobe--InCopy | InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54223 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54206 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54207 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54208 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54209 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54210 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54211 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54212 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54213 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54224 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54225 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54226 |
| Adobe--Photoshop Desktop | Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49570 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses an uncontrolled search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction. | 2025-08-12 | 7.8 | CVE-2025-49571 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49572 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49573 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54187 |
| Adobe--Substance3D - Stager | Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-54222 |
| Adobe--Substance3D - Viewer | Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49560 |
| Adobe--Substance3D - Viewer | Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 7.8 | CVE-2025-49569 |
| Alvind--Billplz Addon for Contact Form 7 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form 7: from n/a through 1.2.0. | 2025-08-14 | 7.1 | CVE-2025-31007 |
| ApusTheme--Findgo | Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through 1.3.57. | 2025-08-14 | 8.8 | CVE-2025-53587 |
| Arraytics--Eventin | Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection. This issue affects Eventin: from n/a through 4.0.31. | 2025-08-14 | 8.8 | CVE-2025-49869 |
| artkrylov--Icons Factory | The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-08-15 | 9.8 | CVE-2025-7778 |
| Autodesk--AutoCAD | A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-08-15 | 7.8 | CVE-2025-5046 |
| Autodesk--AutoCAD | A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2025-08-15 | 7.8 | CVE-2025-5047 |
| Autodesk--AutoCAD | A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | 2025-08-15 | 7.8 | CVE-2025-5048 |
| bbioon--WooCommerce Purchase Orders | The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2025-08-12 | 8.1 | CVE-2025-5391 |
| beeteam368--BeeTeam368 Extensions | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 Extensions: from n/a through 1.9.4. | 2025-08-14 | 10 | CVE-2025-25174 |
| beeteam368--VidMov | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4. | 2025-08-14 | 8.1 | CVE-2025-25172 |
| Ben Ritner - Kadence WP--Kadence WooCommerce Email Designer | Incorrect Privilege Assignment vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.16. | 2025-08-14 | 7.2 | CVE-2025-54697 |
| BestiaDurmiente--Visit Counter | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter allows Stored XSS. This issue affects Visit Counter: from n/a through 1.0. | 2025-08-14 | 7.1 | CVE-2025-49065 |
| bitpressadmin--Bit Form Custom Contact Form, Multi Step, Conversational, Payment & Quiz Form builder | The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. For this to be exploitable, the PRO version needs to be installed and activated as well. Additionally a form with an advanced file upload element needs to be published. | 2025-08-15 | 9.8 | CVE-2025-6679 |
| Bosch Rexroth AG--ctrlX OS - Setup | A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data. | 2025-08-14 | 8 | CVE-2025-48860 |
| Bosch Rexroth AG--ctrlX OS - Setup | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. However, only the private key - if available in the backup - is encrypted, while the backup file itself remains unencrypted. | 2025-08-14 | 7.1 | CVE-2025-48862 |
| bplugins--B Blocks The ultimate block collection | The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to create a new account and assign it the administrator role. | 2025-08-12 | 9.8 | CVE-2025-8059 |
| bplugins--B Slider- Gutenberg Slider Block for WP | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activated_plugin function. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the server which can make remote code execution possible. | 2025-08-12 | 8.8 | CVE-2025-8418 |
| Campcodes--Online Flight Booking Management System | A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8952 |
| Campcodes--Online Flight Booking Management System | A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8957 |
| Campcodes--Online Flight Booking Management System | A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8960 |
| Campcodes--Online Recruitment Management System | A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8950 |
| Campcodes--Online Water Billing System | A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.3 | CVE-2025-8924 |
| checkpoint--Check Point Harmony SASE | Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. | 2025-08-12 | 8.1 | CVE-2025-3831 |
| CherryHQ--cherry-studio | Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server's implicit trust in the oauth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2. | 2025-08-13 | 9.7 | CVE-2025-54382 |
| CherryHQ--cherry-studio | Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the app's custom URL handler is triggered, leading to remote code execution on the victim's machine. This issue has been patched in version 1.5.1. | 2025-08-11 | 8 | CVE-2025-54063 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS condition. This vulnerability is due to ineffective validation of user-supplied input during the Remote Access SSL VPN authentication process. An attacker could exploit this vulnerability by sending a crafted request to the VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition where the device stops responding to Remote Access SSL VPN authentication requests. | 2025-08-14 | 8.6 | CVE-2025-20133 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2025-08-14 | 8.6 | CVE-2025-20134 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an infinite loop condition that occurs when a Cisco Secure ASA or Cisco Secure FTD device processes DNS packets with DNS inspection enabled and the device is configured for NAT44, NAT64, or NAT46. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static NAT rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to create an infinite loop and cause the device to reload, resulting in a DoS condition. | 2025-08-14 | 8.6 | CVE-2025-20136 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to improper validation of user-supplied input on an interface with VPN web services. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on an affected device. A successful exploit could allow the attacker to cause a DoS condition when the device reloads. | 2025-08-14 | 8.6 | CVE-2025-20243 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover. This vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive. To exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device. | 2025-08-14 | 8.5 | CVE-2025-20251 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition. This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause an infinite loop that exhausts resources and could cause the device to reload. | 2025-08-14 | 8.6 | CVE-2025-20253 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. This vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could cause the system to reload, resulting in a denial of service (DoS) condition. | 2025-08-14 | 8.6 | CVE-2025-20263 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition. Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted. | 2025-08-14 | 7.7 | CVE-2025-20127 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload. | 2025-08-14 | 7.7 | CVE-2025-20244 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level. Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both. | 2025-08-14 | 10 | CVE-2025-20265 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only). | 2025-08-14 | 8.5 | CVE-2025-20148 |
| Cisco--Cisco Firepower Threat Defense Software | A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of traffic that is inspected by an affected device. An attacker could exploit this vulnerability by sending crafted traffic through the affected device. A successful exploit could allow the attacker to cause the affected device to enter an infinite loop while inspecting traffic, resulting in a DoS condition. The system watchdog will restart the Snort process automatically. | 2025-08-14 | 8.6 | CVE-2025-20217 |
| Cisco--Cisco Firepower Threat Defense Software | A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of IPv6 packets. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device. A successful exploit could allow the attacker to trigger a reload of the device, resulting in a DoS condition. | 2025-08-14 | 8.6 | CVE-2025-20222 |
| Cisco--IOS | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | 2025-08-14 | 8.6 | CVE-2025-20239 |
| CleverReach--CleverReach WP | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injection. This issue affects CleverReach® WP: from n/a through 1.5.20. | 2025-08-14 | 9.3 | CVE-2025-49059 |
| Cloud Infrastructure Services--Cloud SAML SSO - Single Sign On Login | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login allows PHP Local File Inclusion. This issue affects Cloud SAML SSO - Single Sign On Login: from n/a through 1.0.18. | 2025-08-14 | 7.5 | CVE-2025-49264 |
| code-projects--Job Diary | A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.3 | CVE-2025-8921 |
| code-projects--Job Diary | A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.3 | CVE-2025-8922 |
| code-projects--Job Diary | A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.3 | CVE-2025-8923 |
| code-projects--Online Medicine Guide | A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-8990 |
| code-projects--Online Medicine Guide | A vulnerability has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /addelivery.php. The manipulation of the argument deName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9027 |
| code-projects--Online Medicine Guide | A vulnerability was found in code-projects Online Medicine Guide 1.0. This issue affects some unknown processing of the file /adphar.php. The manipulation of the argument phuname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9028 |
| cornfeed--WP-jScrollPane | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through 2.0.3. | 2025-08-14 | 7.1 | CVE-2025-49062 |
| crmperks--Database for Contact Form 7, WPforms, Elementor forms | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted. | 2025-08-13 | 9.8 | CVE-2025-7384 |
| D-Link--DIR-825 | A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-14 | 7.2 | CVE-2025-8949 |
| D-Link--DIR-860L | A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-15 | 7.3 | CVE-2025-9026 |
| dasinfomedia--School Management System for Wordpress | The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-08-16 | 8.8 | CVE-2025-6079 |
| dasinfomedia--School Management System for Wordpress | The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-08-16 | 7.5 | CVE-2024-12612 |
| dasinfomedia--WPGYM - Wordpress Gym Management System | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. The Local File Inclusion exploit can be chained to include various dashboard view files in the plugin. One in particular reported by the researcher can be leveraged to update the password of Super Administrator accounts in Multisite environments making privilege escalation possible. | 2025-08-16 | 8.8 | CVE-2025-3671 |
| dasinfomedia--WPGYM - Wordpress Gym Management System | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new users, including admins. | 2025-08-16 | 8.8 | CVE-2025-6080 |
| denoland--std | @std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in Node.js runtime and Browser when parsing untrusted TOML data, thus achieving Prototype Pollution (PP) vulnerability. This is because the library is merging an untrusted object with an empty object, which by default the empty object has the prototype chain. This issue has been patched in version 1.0.9. | 2025-08-14 | 7.3 | CVE-2025-55195 |
| Dylan Kuhn--Geo Mashup | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through 1.13.16. | 2025-08-14 | 9.8 | CVE-2025-48293 |
| epiphyt--Form Block | Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through 1.5.5. | 2025-08-14 | 9 | CVE-2025-54693 |
| ExpressTech Systems--Quiz And Survey Master | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.4. | 2025-08-14 | 8.5 | CVE-2025-55708 |
| eyecix--JobSearch | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0. | 2025-08-14 | 7.5 | CVE-2025-52806 |
| F5--BIG-IP | When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-08-13 | 7.5 | CVE-2025-46405 |
| F5--BIG-IP | When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-08-13 | 7.5 | CVE-2025-52585 |
| F5--BIG-IP Edge Client | A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-08-13 | 7.3 | CVE-2025-48500 |
| F5--F5 Access | F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-08-13 | 7.4 | CVE-2025-54809 |
| Federico Rota--Authentication and xmlrpc log writer | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer allows Reflected XSS. This issue affects Authentication and xmlrpc log writer: from n/a through 1.2.2. | 2025-08-14 | 7.1 | CVE-2025-49037 |
| FirebirdSQL--firebird | Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf. | 2025-08-15 | 7.1 | CVE-2025-24975 |
| Fortinet--FortiPAM | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number. | 2025-08-12 | 7.9 | CVE-2024-26009 |
| Fortinet--FortiSIEM | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. | 2025-08-12 | 9.8 | CVE-2025-25256 |
| Fortinet--FortiWeb | A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request. | 2025-08-12 | 7.7 | CVE-2025-52970 |
| Foxit--Foxit Reader | A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2025-08-13 | 8.8 | CVE-2025-32451 |
| gelbphoenix--autocaliweb | Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3. | 2025-08-12 | 8.3 | CVE-2025-55165 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names. | 2025-08-13 | 8.7 | CVE-2025-6186 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. | 2025-08-13 | 8.7 | CVE-2025-7734 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions. | 2025-08-13 | 8.7 | CVE-2025-7739 |
| glboy--WooCommerce OTP Login With Phone Number, OTP Verification | The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured. | 2025-08-15 | 8.1 | CVE-2025-8342 |
| gopiplus--Vertical scroll slideshow gallery v2 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1. | 2025-08-15 | 8.5 | CVE-2025-49897 |
| GravityWP--GravityWP - Merge Tags | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags allows PHP Local File Inclusion. This issue affects GravityWP - Merge Tags: from n/a through 1.4.4. | 2025-08-14 | 7.5 | CVE-2025-49271 |
| H3C--M2 NAS | A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services". This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-13 | 7 | CVE-2025-8907 |
| HashiCorp--Shared library | HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9. | 2025-08-15 | 7.5 | CVE-2025-8959 |
| hassantafreshi--Easy Form Builder | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through 3.8.15. | 2025-08-14 | 9.3 | CVE-2025-54678 |
| highwarden--Super Store Finder | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.5. | 2025-08-14 | 9.3 | CVE-2025-52720 |
| i3geek--BaiduXZH Submit() | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌å·) allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌å·): from n/a through 1.4.6. | 2025-08-14 | 7.1 | CVE-2025-49063 |
| ImageMagick--ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. | 2025-08-13 | 8.8 | CVE-2025-55154 |
| ImageMagick--ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image. This issue has been patched in version 7.1.2-1. | 2025-08-13 | 7.6 | CVE-2025-55004 |
| infosoftplugin--WooCommerce Point Of Sale (POS) | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) allows SQL Injection. This issue affects WooCommerce Point Of Sale (POS): from n/a through 1.4. | 2025-08-14 | 8.5 | CVE-2025-52820 |
| INSTAR--2K+ | A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely. | 2025-08-13 | 9.8 | CVE-2025-8760 |
| INSTAR--2K+ | A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.5 | CVE-2025-8761 |
| Insyde Software--InsydeH2O | UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | 2025-08-13 | 7.5 | CVE-2025-4276 |
| Insyde Software--InsydeH2O | Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | 2025-08-13 | 7.5 | CVE-2025-4277 |
| Insyde Software--InsydeH2O | A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code. | 2025-08-13 | 7.5 | CVE-2025-4410 |
| iThemes--ServerBuddy by PluginBuddy.com | Cross-Site Request Forgery (CSRF) vulnerability in iThemes ServerBuddy by PluginBuddy.Com allows Object Injection.This issue affects ServerBuddy by PluginBuddy.Com: from n/a through 1.0.5. | 2025-08-16 | 8.8 | CVE-2025-49895 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8966 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8967 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8968 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8969 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8970 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument val-username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8971 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8972 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument payment_type leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8981 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of the argument curr_code leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8982 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of the argument expense_for leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8983 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of the argument expense_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8984 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-8993 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation of the argument uname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9008 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9009 |
| itsourcecode--Online Tour and Travel Management System | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9010 |
| itsourcecode--Sports Management System | A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.3 | CVE-2025-8925 |
| Ivanti--Avalanche | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution | 2025-08-12 | 7.2 | CVE-2025-8296 |
| Ivanti--Avalanche | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution | 2025-08-12 | 7.2 | CVE-2025-8297 |
| Ivanti--Connect Secure | A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125 | 2025-08-12 | 7.5 | CVE-2025-5456 |
| Ivanti--Connect Secure | A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. | 2025-08-12 | 7.5 | CVE-2025-5462 |
| johnh10--Video Blogster Lite | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through 1.2. | 2025-08-14 | 7.1 | CVE-2025-47689 |
| josepsitjar--StoryMap | Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1. | 2025-08-14 | 8.2 | CVE-2025-52797 |
| kamleshyadav--WP Lead Capturing Pages | Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3. | 2025-08-14 | 7.5 | CVE-2025-31425 |
| kanboard--kanboard | Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event["data"] field in the project_activities table. A malicious actor can update this field to use a php gadget to write a web shell into the /plugins folder, which then gives remote code execution on the host system. This issue has been patched in version 1.2.47. | 2025-08-12 | 9.1 | CVE-2025-55010 |
| keywordrush--Content Egg | Deserialization of Untrusted Data vulnerability in keywordrush Content Egg allows Object Injection. This issue affects Content Egg: from n/a through 7.0.0. | 2025-08-14 | 7.2 | CVE-2025-47536 |
| Ko Min--WP Voting | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting allows Reflected XSS. This issue affects WP Voting: from n/a through 1.8. | 2025-08-14 | 7.1 | CVE-2025-49057 |
| Kubernetes--Image Builder | A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. Additionally, virtual machine images built using the Nutanix or the OVA provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their Windows nodes use VM images created via the Image Builder project with its Nutanix or OVA provider. | 2025-08-17 | 7.5 | CVE-2025-7342 |
| LabRedesCefetRJ--WeGIA | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any Image files at endpoint /html/personalizacao_remover.php by defining imagem_0 as image id to delete. This issue has been patched in version 3.4.8. | 2025-08-12 | 7.5 | CVE-2025-55171 |
| LambertGroup--Multimedia Playlist Slider Addon for WPBakery Page Builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1. | 2025-08-14 | 7.1 | CVE-2025-30626 |
| Linksys--RE6250 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 8.8 | CVE-2025-8822 |
| Linksys--RE6250 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 8.8 | CVE-2025-8824 |
| Linksys--RE6250 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 8.8 | CVE-2025-8826 |
| Linksys--RE6250 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 8.8 | CVE-2025-8831 |
| Linksys--RE6250 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 8.8 | CVE-2025-8832 |
| Linksys--RE6250 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 8.8 | CVE-2025-8833 |
| Liquid Web--GiveWP | Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1. | 2025-08-12 | 7.5 | CVE-2025-47444 |
| lisensee--NetInsight Analytics Implementation Plugin | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | 2025-08-14 | 7.1 | CVE-2025-52765 |
| loword--AL Pack | The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check_activate_permission() permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.0.2. The callback reads the client-supplied Origin header and, after parsing, allows the request if it matches one of the trusted domains, without ever verifying user authentication, capabilities, or nonce tokens. This makes it possible for unauthenticated attackers to activate premium features by simply spoofing the Origin header. | 2025-08-16 | 7.5 | CVE-2025-7664 |
| Made I.T.--Forms | Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.9.0. | 2025-08-14 | 9.9 | CVE-2025-24775 |
| magepeopleteam--E-cab Taxi Booking Manager for Woocommerce | The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.0. This is due to the plugin not properly validating a user's capabilities prior to updating a plugin setting or their identity prior to updating their details like email address. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | 2025-08-16 | 9.8 | CVE-2025-8898 |
| MasaCMS--MasaCMS | MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.6, 7.3.13, and 7.2.8 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.6, 7.3.13, and 7.2.8 contain a fix for the issue. | 2025-08-11 | 9.8 | CVE-2024-32640 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint. | 2025-08-11 | 7.2 | CVE-2025-44004 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body. | 2025-08-11 | 7.5 | CVE-2025-52931 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. | 2025-08-11 | 7.2 | CVE-2025-54478 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body. | 2025-08-11 | 7.5 | CVE-2025-54525 |
| Mechrevo--Control Center GX V2 | A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7 | CVE-2025-9000 |
| Mechrevo--Control Center GX V2 | A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械é©å‘½æŽ§åˆ¶ä¸å¿ƒ\AiStoneService\MyControlCenter\Command of the component Powershell Script Handler. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7 | CVE-2025-9016 |
| Metagauss--ProfileGrid | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3. | 2025-08-14 | 8.5 | CVE-2025-49033 |
| Microsoft--Azure File Sync | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53729 |
| Microsoft--Azure Stack Hub 2408 | Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | 2025-08-12 | 7.5 | CVE-2025-53793 |
| Microsoft--DCasv5-series Azure VM | Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | 2025-08-12 | 7.9 | CVE-2025-49707 |
| Microsoft--DCasv5-series Azure VM | Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | 2025-08-12 | 7.7 | CVE-2025-53781 |
| Microsoft--Microsoft 365 Apps for Enterprise | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-08-12 | 8.4 | CVE-2025-53784 |
| Microsoft--Microsoft Exchange Server 2019 Cumulative Update 14 | Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | 2025-08-12 | 7.5 | CVE-2025-33051 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-08-12 | 8.4 | CVE-2025-53731 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-08-12 | 8.4 | CVE-2025-53740 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53730 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53734 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53738 |
| Microsoft--Microsoft Office 2019 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53761 |
| Microsoft--Microsoft Office for Android | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53732 |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-49712 |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 2025-08-12 | 8.4 | CVE-2025-53733 |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 7.1 | CVE-2025-53760 |
| Microsoft--Microsoft SQL Server 2017 (GDR) | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8.8 | CVE-2025-24999 |
| Microsoft--Microsoft SQL Server 2017 (GDR) | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8.8 | CVE-2025-49758 |
| Microsoft--Microsoft SQL Server 2017 (GDR) | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8.8 | CVE-2025-49759 |
| Microsoft--Microsoft SQL Server 2022 (GDR) | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8.8 | CVE-2025-47954 |
| Microsoft--Microsoft SQL Server 2022 for x64-based Systems (CU 20) | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8.8 | CVE-2025-53727 |
| Microsoft--Microsoft Visual Studio 2022 version 17.14 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53773 |
| Microsoft--Office Online Server | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53735 |
| Microsoft--Office Online Server | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53737 |
| Microsoft--Office Online Server | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53739 |
| Microsoft--Office Online Server | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53741 |
| Microsoft--Office Online Server | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53759 |
| Microsoft--Teams for D365 Remote Assist HoloLens | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 7.5 | CVE-2025-53783 |
| Microsoft--Web Deploy 4.0 | Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-53772 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 9.8 | CVE-2025-53766 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 8.1 | CVE-2025-50177 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-53131 |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8 | CVE-2025-53132 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-53143 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-53144 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-53145 |
| Microsoft--Windows 10 Version 1809 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 8.8 | CVE-2025-53778 |
| Microsoft--Windows 10 Version 1809 | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | 2025-08-12 | 7.5 | CVE-2025-48807 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-49761 |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-49762 |
| Microsoft--Windows 10 Version 1809 | Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-50153 |
| Microsoft--Windows 10 Version 1809 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 7.5 | CVE-2025-50154 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-50155 |
| Microsoft--Windows 10 Version 1809 | Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. | 2025-08-12 | 7 | CVE-2025-50158 |
| Microsoft--Windows 10 Version 1809 | Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.3 | CVE-2025-50159 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.3 | CVE-2025-50161 |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-50167 |
| Microsoft--Windows 10 Version 1809 | Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-50170 |
| Microsoft--Windows 10 Version 1809 | Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-50173 |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53134 |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53135 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53137 |
| Microsoft--Windows 10 Version 1809 | Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53140 |
| Microsoft--Windows 10 Version 1809 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53141 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53147 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53149 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53151 |
| Microsoft--Windows 10 Version 1809 | Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-53152 |
| Microsoft--Windows 10 Version 1809 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53154 |
| Microsoft--Windows 10 Version 1809 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53155 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53718 |
| Microsoft--Windows 10 Version 1809 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53721 |
| Microsoft--Windows 10 Version 1809 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | 2025-08-12 | 7.5 | CVE-2025-53722 |
| Microsoft--Windows 10 Version 1809 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53723 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53724 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53725 |
| Microsoft--Windows 10 Version 1809 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53726 |
| Microsoft--Windows 10 Version 1809 | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53789 |
| Microsoft--Windows 11 version 22H2 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-50168 |
| Microsoft--Windows 11 version 22H2 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53142 |
| Microsoft--Windows Server 2019 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-49757 |
| Microsoft--Windows Server 2019 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | 2025-08-12 | 8 | CVE-2025-50160 |
| Microsoft--Windows Server 2019 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | 2025-08-12 | 8 | CVE-2025-50162 |
| Microsoft--Windows Server 2019 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 8.8 | CVE-2025-50163 |
| Microsoft--Windows Server 2019 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | 2025-08-12 | 8 | CVE-2025-50164 |
| Microsoft--Windows Server 2019 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | 2025-08-12 | 8 | CVE-2025-53720 |
| Microsoft--Windows Server 2022 | Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 9.1 | CVE-2025-50171 |
| Microsoft--Windows Server 2022 | Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. | 2025-08-12 | 7.8 | CVE-2025-50176 |
| Microsoft--Windows Server 2025 (Server Core installation) | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 9.8 | CVE-2025-50165 |
| Microsoft--Windows Server 2025 (Server Core installation) | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network. | 2025-08-12 | 7.5 | CVE-2025-50169 |
| Microsoft--Windows Server 2025 (Server Core installation) | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7.8 | CVE-2025-53133 |
| Microsoft--Windows Server 2025 (Server Core installation) | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | 2025-08-12 | 7.2 | CVE-2025-53779 |
| Microsoft--Windows Subsystem for Linux (WSL2) | Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 7 | CVE-2025-53788 |
| mrdenny--Time Sheets | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through 2.1.3. | 2025-08-14 | 7.1 | CVE-2025-49054 |
| MSoft--MFlash | A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above. | 2025-08-15 | 9.1 | CVE-2025-9060 |
| N/A--Flowise | User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. | 2025-08-14 | 9.8 | CVE-2025-55346 |
| N/A--Flowise | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands. | 2025-08-14 | 9.8 | CVE-2025-8943 |
| n/a--Intel(R) 700 Series Ethernet | Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. | 2025-08-12 | 7.5 | CVE-2025-21086 |
| n/a--Intel(R) 700 Series Ethernet | Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-24486 |
| n/a--Intel(R) 700 Series Ethernet | Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-25273 |
| n/a--Intel(R) 800 Series Ethernet | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 8.2 | CVE-2025-20093 |
| n/a--Intel(R) 800 Series Ethernet | Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 8.8 | CVE-2025-24325 |
| n/a--Intel(R) 800 Series Ethernet | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-22836 |
| n/a--Intel(R) 800 Series Ethernet | Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-22893 |
| n/a--Intel(R) 800 Series Ethernet | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access. | 2025-08-12 | 7.3 | CVE-2025-23241 |
| n/a--Intel(R) 800 Series Ethernet | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-24303 |
| n/a--Intel(R) 800 Series Ethernet | Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-24484 |
| n/a--Intel(R) Connectivity Performance Suite software installers | Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-20074 |
| n/a--Intel(R) Converged Security and Management Engine | Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.2 | CVE-2025-20037 |
| n/a--Intel(R) Processors | Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.8 | CVE-2025-20109 |
| n/a--Intel(R) PROSet/Wireless WiFi Software for Windows | Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2025-08-12 | 7.4 | CVE-2025-20625 |
| n/a--Intel(R) Xeon(R) 6 processor with Intel(R) TDX | Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.9 | CVE-2025-22889 |
| n/a--Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX | Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.2 | CVE-2025-32086 |
| n/a--Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX | Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.2 | CVE-2025-26403 |
| n/a--Intel(R) Xeon(R) 6 Scalable processors | Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2025-08-12 | 7.5 | CVE-2025-22839 |
| n/a--Intel(R) Xeon(R) 6 Scalable processors | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access | 2025-08-12 | 7.4 | CVE-2025-22840 |
| n/a--Intel(R) Xeon(R) Processor firmware with SGX enabled | Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.2 | CVE-2025-20053 |
| n/a--Intel(R) Xeon(R) processors | Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 7.2 | CVE-2025-24305 |
| n/a--PostgreSQL | Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. | 2025-08-14 | 8.8 | CVE-2025-8714 |
| n/a--PostgreSQL | Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it. | 2025-08-14 | 8.8 | CVE-2025-8715 |
| nasa--CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0. | 2025-08-11 | 8.6 | CVE-2025-54878 |
| NVIDIA--Megatron-LM | NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23305 |
| NVIDIA--Megatron-LM | NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23306 |
| NVIDIA--NVIDIA Apex | NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23295 |
| NVIDIA--NVIDIA Isaac-GR00T N1 | NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23296 |
| NVIDIA--NVIDIA Merlin Transformers4Rec | NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23298 |
| NVIDIA--NVIDIA NeMo Framework | NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23303 |
| NVIDIA--NVIDIA NeMo Framework | NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | 2025-08-13 | 7.8 | CVE-2025-23304 |
| NVIDIA--NVIDIA WebDataset | NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. | 2025-08-13 | 7.8 | CVE-2025-23294 |
| octagonwebstudio--Premium Addons for KingComposer | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer allows PHP Local File Inclusion. This issue affects Premium Addons for KingComposer: from n/a through 1.1.1. | 2025-08-14 | 8.1 | CVE-2025-49036 |
| Omnissa--Omnissa Workspace ONE UEM | Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints. | 2025-08-11 | 7.5 | CVE-2025-25231 |
| Omnissa--Secure Email Gateway | Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. | 2025-08-11 | 8.6 | CVE-2025-25235 |
| OpenAI--Codex CLI | Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory. | 2025-08-13 | 8.8 | CVE-2025-55345 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. | 2025-08-11 | 8.4 | CVE-2025-24298 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | 2025-08-11 | 8.4 | CVE-2025-25278 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. | 2025-08-11 | 8.4 | CVE-2025-27128 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | 2025-08-11 | 8.4 | CVE-2025-27577 |
| ovatheme--Cube Portfolio | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through 1.16.8. | 2025-08-14 | 8.5 | CVE-2025-52823 |
| pencidesign--Soledad | The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | 2025-08-16 | 8.8 | CVE-2025-8142 |
| pencidesign--Soledad | The The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-08-16 | 7.3 | CVE-2025-8105 |
| Phoenix Contact--DaUM | A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. | 2025-08-12 | 7.8 | CVE-2025-41686 |
| PHPGurukul--Beauty Parlour Management System | A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9024 |
| PHPGurukul--Hospital Management System | A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8954 |
| PHPGurukul--Hospital Management System | A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8955 |
| PHPGurukul--Online Shopping Portal Project | A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9011 |
| PHPGurukul--Online Shopping Portal Project | A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9012 |
| PHPGurukul--Online Shopping Portal Project | A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9013 |
| PHPGurukul--Teachers Record Management System | A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8951 |
| primersoftware--Primer MyData for Woocommerce | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/a through 4.2.5. | 2025-08-14 | 7.1 | CVE-2025-53575 |
| projectworlds--Online Notes Sharing Platform | A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8946 |
| projectworlds--Travel Management System | A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9050 |
| projectworlds--Travel Management System | A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9051 |
| projectworlds--Travel Management System | A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9052 |
| projectworlds--Travel Management System | A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9053 |
| projectworlds--Visitor Management System | A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8947 |
| projectworlds--Visitor Management System | A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8948 |
| projectworlds--Visitor Management System | A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 7.3 | CVE-2025-9047 |
| PublishPress--Gutenberg Blocks | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks allows PHP Local File Inclusion. This issue affects Gutenberg Blocks: from n/a through 3.3.1. | 2025-08-14 | 7.5 | CVE-2025-48332 |
| railmedia--Order Tip for WooCommerce | The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. This is due to lack of server-side validation on the `data-tip` attribute, which makes it possible for unauthenticated attackers to apply an excessive or even negative tip amount, resulting in unauthorized discount up to free orders depending on the value submitted. | 2025-08-15 | 7.5 | CVE-2025-6025 |
| RealMag777--Google Map Targeting | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Inclusion. This issue affects Google Map Targeting: from n/a through 1.1.6. | 2025-08-14 | 8.8 | CVE-2025-52732 |
| RealMag777--MDTF | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a through 1.3.3.7. | 2025-08-14 | 9.3 | CVE-2025-54707 |
| Red Hat--Red Hat Enterprise Linux 7 | A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | 2025-08-13 | 7.8 | CVE-2025-8941 |
| redqteam--Alike - WordPress Custom Post Comparison | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1. | 2025-08-14 | 7.1 | CVE-2025-28975 |
| Rico Macchi--WP Links Page | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page allows SQL Injection. This issue affects WP Links Page: from n/a through 4.9.6. | 2025-08-14 | 8.5 | CVE-2025-30998 |
| Risk Yazlm Teknolojileri Ltd. ti.--Reel Sektr Hazine ve Risk Ynetimi Yazlm | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection.This issue affects Reel Sektör Hazine ve Risk Yönetimi Yazılımı: through 1.0.0.4. | 2025-08-15 | 7.2 | CVE-2025-1929 |
| RomanCode--MapSVG | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG allows SQL Injection. This issue affects MapSVG: from n/a through n/a. | 2025-08-14 | 9.3 | CVE-2025-54669 |
| Ronik@UnlimitedWP--Project Cost Calculator | Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through 1.0.0. | 2025-08-14 | 7.1 | CVE-2025-52775 |
| Russell Jamieson--CaptionPix | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8. | 2025-08-14 | 7.1 | CVE-2025-52788 |
| SAP_SE--SAP Business One (SLD) | Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.�As a result , it has a high impact on the confidentiality, integrity, and availability of the application. | 2025-08-12 | 8.8 | CVE-2025-42951 |
| SAP_SE--SAP Landscape Transformation (Analysis Platform) | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | 2025-08-12 | 9.9 | CVE-2025-42950 |
| SAP_SE--SAP NetWeaver Application Server ABAP (BIC Document) | SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information. | 2025-08-12 | 8.1 | CVE-2025-42976 |
| SAP_SE--SAP S/4HANA (Private Cloud or On-Premise) | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. | 2025-08-12 | 9.9 | CVE-2025-42957 |
| scriptsbundle--Exertio | Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio allows Object Injection. This issue affects Exertio: from n/a through 1.3.2. | 2025-08-14 | 9.8 | CVE-2025-54686 |
| setriosoft--BizCalendar Web | The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.50 via the 'bizcalv' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2025-08-15 | 7.5 | CVE-2025-7650 |
| Shabti Kaplan--Frontend Admin by DynamiApps | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3. | 2025-08-14 | 8.5 | CVE-2025-49267 |
| shen2-- | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 allows Reflected XSS. This issue affects 多说社会化评论框: from n/a through 1.2. | 2025-08-14 | 7.1 | CVE-2025-49056 |
| Siemens--Automation License Manager V6.0 | The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. | 2025-08-12 | 7.8 | CVE-2025-30033 |
| Siemens--Mendix SAML (Mendix 10.12 compatible) | A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. | 2025-08-14 | 8.7 | CVE-2025-40758 |
| Siemens--RUGGEDCOM ROX MX5000 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). Affected devices do not properly limit access through its Built-In-Self-Test (BIST) mode. This could allow an attacker with physical access to the serial interface to bypass authentication and get access to a root shell on the device. | 2025-08-12 | 7.6 | CVE-2025-40761 |
| Siemens--SIMATIC PCS neo V4.1 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions), TIA Portal Test Suite V20 (All versions). Affected products do not properly sanitize Interprocess Communication input received through a Windows Named Pipe accessible to all local users. This could allow an authenticated local attacker to cause a type confusion and execute arbitrary code within the affected application. | 2025-08-12 | 8.2 | CVE-2024-54678 |
| Siemens--SIMATIC RTLS Locating Manager | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges. | 2025-08-12 | 9.1 | CVE-2025-40746 |
| Siemens--SIMATIC S7-PLCSIM V17 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions). Affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. | 2025-08-12 | 7.8 | CVE-2025-40759 |
| Siemens--Simcenter Femap V2406 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted STP file. This could allow an attacker to execute code in the context of the current process.(ZDI-CAN-26692) | 2025-08-12 | 7.8 | CVE-2025-40762 |
| Siemens--Simcenter Femap V2406 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). The affected applications contains an out of bounds read vulnerability while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process. | 2025-08-12 | 7.8 | CVE-2025-40764 |
| Siemens--SINEC Traffic Analyzer | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources. | 2025-08-12 | 7.8 | CVE-2025-40767 |
| Siemens--SINEC Traffic Analyzer | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application. | 2025-08-12 | 7.3 | CVE-2025-40768 |
| Siemens--SINEC Traffic Analyzer | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks. | 2025-08-12 | 7.4 | CVE-2025-40769 |
| Siemens--SINEC Traffic Analyzer | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks. | 2025-08-12 | 7.4 | CVE-2025-40770 |
| Siemens--SINUMERIK 828D PPU.4 | A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1.15 (All versions < V1.15 SP5), SINUMERIK ONE (All versions < V6.25 SP1), SINUMERIK ONE V6.15 (All versions < V6.15 SP5). The affected application improperly validates authentication for its VNC access service, allowing access with insufficient password verification. This could allow an attacker to gain unauthorized remote access and potentially compromise system confidentiality, integrity, or availability. | 2025-08-12 | 8.3 | CVE-2025-40743 |
| Siemens--SIPROTEC 4 6MD61 | A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted. | 2025-08-12 | 7.5 | CVE-2024-52504 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application. | 2025-08-12 | 7.1 | CVE-2024-41979 |
| Soflyy--WP Dynamic Links | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through 1.0.1. | 2025-08-14 | 7.1 | CVE-2025-49038 |
| softnwords--SMM API | Missing Authorization vulnerability in softnwords SMM API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through 6.0.30. | 2025-08-14 | 7.1 | CVE-2025-52785 |
| Sound Strategies--SoundSt SEO Search | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search allows Reflected XSS. This issue affects SoundSt SEO Search: from n/a through 1.2.3. | 2025-08-14 | 7.1 | CVE-2025-49058 |
| SourceCodester--Cashier Queuing System | A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8973 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 7.3 | CVE-2025-8926 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8953 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-08-14 | 7.3 | CVE-2025-8985 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8986 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. This affects an unknown part of the file /test-details.php. The manipulation of the argument remark leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8987 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. This vulnerability affects unknown code of the file /bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 7.3 | CVE-2025-8988 |
| SourceCodester--COVID 19 Testing Management System | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. This issue affects some unknown processing of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-08-14 | 7.3 | CVE-2025-8989 |
| SourceCodester--Online Bank Management System | A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. | 2025-08-15 | 7.3 | CVE-2025-9021 |
| SourceCodester--Online Bank Management System | A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. | 2025-08-15 | 7.3 | CVE-2025-9022 |
| Stirling-Tools--Stirling-PDF | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0. | 2025-08-11 | 8.6 | CVE-2025-55150 |
| Stirling-Tools--Stirling-PDF | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0. | 2025-08-11 | 8.6 | CVE-2025-55151 |
| Stirling-Tools--Stirling-PDF | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0. | 2025-08-11 | 8.6 | CVE-2025-55161 |
| stmcan--RT-Theme 18 | Extensions | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions allows PHP Local File Inclusion. This issue affects RT-Theme 18 | Extensions: from n/a through 2.4. | 2025-08-14 | 7.5 | CVE-2025-32288 |
| storychief--StoryChief | The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-08-16 | 9.8 | CVE-2025-7441 |
| Surbowl--dormitory-management-php | A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-15 | 7.3 | CVE-2025-9002 |
| Tenda--AC20 | A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 8.8 | CVE-2025-8939 |
| Tenda--AC20 | A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 8.8 | CVE-2025-8940 |
| Tenda--AC20 | A vulnerability was identified in Tenda AC20 16.03.08.12. This issue affects the function sub_46A2AC of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 8.8 | CVE-2025-9046 |
| Tenda--AC20 | A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-16 | 8.8 | CVE-2025-9087 |
| Tenda--AC20 | A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-16 | 8.8 | CVE-2025-9088 |
| Tenda--AC20 | A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-16 | 8.8 | CVE-2025-9089 |
| Tenda--AC7 | A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. Affected is the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 8.8 | CVE-2025-9023 |
| Tenda--CH22 | A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 8.8 | CVE-2025-9006 |
| Tenda--CH22 | A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 8.8 | CVE-2025-9007 |
| Tenda--TX3 | A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 8.8 | CVE-2025-8958 |
| thembay--Urna | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through 2.5.7. | 2025-08-14 | 8.1 | CVE-2025-54689 |
| ThemeAtelier--IDonatePro | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through 2.1.9. | 2025-08-14 | 8.1 | CVE-2025-30635 |
| ThemeAtelier--IDonatePro | Missing Authorization vulnerability in ThemeAtelier IDonatePro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through 2.1.9. | 2025-08-14 | 7.5 | CVE-2025-30639 |
| themefunction--WordPress Event Manager, Event Calendar and Booking Plugin | Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24. | 2025-08-14 | 7.5 | CVE-2025-52731 |
| ThemeMove--Makeaholic | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4. | 2025-08-14 | 8.1 | CVE-2025-54700 |
| ThemeMove--Unicamp | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through 2.6.3. | 2025-08-14 | 8.1 | CVE-2025-54701 |
| themeStek--Xinterio | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through 4.2. | 2025-08-14 | 8.1 | CVE-2025-54690 |
| themeum--Tutor LMS Pro | The Tutor LMS Pro - eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Tutor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only the Pro version is affected. | 2025-08-13 | 8.8 | CVE-2025-6184 |
| ThimPress--WP Pipes | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3. | 2025-08-14 | 8.1 | CVE-2025-28979 |
| tosend.it--Simple Poll | Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1. | 2025-08-14 | 7.1 | CVE-2025-49044 |
| uicore--UiCore Elements Free Elementor widgets and templates | The UiCore Elements - Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insufficient controls on the filename specified. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-08-12 | 7.5 | CVE-2025-6253 |
| Unity Business Technology Pty Ltd--The E-Commerce ERP | Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through 2.1.1.3. | 2025-08-14 | 7.3 | CVE-2025-52800 |
| ValvePress--Pinterest Automatic Pin | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a through n/a. | 2025-08-14 | 8.5 | CVE-2025-39510 |
| vertim--Neon Channel Product Customizer Free | Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0. | 2025-08-14 | 7.5 | CVE-2025-54679 |
| VonStroheim--TheBooking | Missing Authorization vulnerability in VonStroheim TheBooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through 1.4.4. | 2025-08-14 | 7.3 | CVE-2025-52801 |
| WebCodingPlace--Responsive Posts Carousel WordPress Plugin | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0. | 2025-08-14 | 7.5 | CVE-2025-52728 |
| Webilop--User Language Switch | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch allows Reflected XSS. This issue affects User Language Switch: from n/a through 1.6.10. | 2025-08-14 | 7.1 | CVE-2025-49064 |
| WellChoose--Organization Portal System | Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. | 2025-08-13 | 9.8 | CVE-2025-8913 |
| WellChoose--Organization Portal System | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | 2025-08-13 | 7.5 | CVE-2025-8912 |
| WinterChenS--my-site | A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. This vulnerability affects the function preHandle of the file /admin/ of the component Backend Interface. The manipulation of the argument uri leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The code maintainer responded to the issue that "[he] tried it, and using this link automatically redirects to the login page." | 2025-08-11 | 7.3 | CVE-2025-8838 |
| wipeoutmedia--CSS & JavaScript Toolbox | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n/a. | 2025-08-14 | 7.5 | CVE-2025-3703 |
| WP Royal Themes--News Magazine X | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Inclusion. This issue affects News Magazine X: from n/a through 1.2.37. | 2025-08-14 | 7.5 | CVE-2025-24766 |
| WP Swings--Membership For WooCommerce | Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.9.0. | 2025-08-14 | 7.5 | CVE-2025-54692 |
| WPFactory--Product XML Feed Manager for WooCommerce | Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for WooCommerce: from n/a through 2.9.3. | 2025-08-14 | 9.9 | CVE-2025-49887 |
| youki-dev--youki | Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5. | 2025-08-14 | 7 | CVE-2025-54867 |
| Zoom Communications Inc--Zoom Clients for Windows | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access | 2025-08-12 | 9.6 | CVE-2025-49457 |
| ZoomIt--FoodMenu | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20. | 2025-08-14 | 7.1 | CVE-2025-29014 |
| ZoomIt--WooCommerce Shop Page Builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7. | 2025-08-14 | 7.1 | CVE-2025-28999 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Sales Management System | A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 4.3 | CVE-2025-8933 |
| 1000 Projects--Sales Management System | A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 4.3 | CVE-2025-8934 |
| 10up--Simple Local Avatars | The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. This is due to a missing capability check on the migrate_from_wp_user_avatar() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to migrate avatar metadata for all users. | 2025-08-12 | 4.3 | CVE-2025-8482 |
| AA Web Servant--12 Step Meeting List | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through 3.18.3. | 2025-08-14 | 6.5 | CVE-2025-54054 |
| ABB--Aspect | Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: All versions. | 2025-08-11 | 5.1 | CVE-2025-7677 |
| addix--Simple Responsive Slider | The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8690 |
| Adobe--Adobe Commerce | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. | 2025-08-12 | 5.9 | CVE-2025-49558 |
| Adobe--Adobe Commerce | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction. | 2025-08-12 | 5.3 | CVE-2025-49559 |
| Adobe--Adobe Framemaker | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54233 |
| Adobe--Animate | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-49562 |
| Adobe--Dimension | Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54238 |
| Adobe--Illustrator | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-49567 |
| Adobe--Illustrator | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-49568 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54214 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54227 |
| Adobe--InDesign Desktop | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54228 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54186 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54197 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54198 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54199 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54200 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54201 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54202 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54203 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54204 |
| Adobe--Substance3D - Modeler | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54235 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54188 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54189 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54190 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54191 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54192 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54193 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54194 |
| Adobe--Substance3D - Painter | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54195 |
| Adobe--Substance3D - Sampler | Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-08-12 | 5.5 | CVE-2025-54205 |
| aide--aide | AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file. | 2025-08-14 | 6.2 | CVE-2025-54389 |
| aide--aide | AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems. | 2025-08-14 | 6.2 | CVE-2025-54409 |
| alobaidi--Alobaidi Captcha | The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-08-15 | 4.4 | CVE-2025-8080 |
| Amazon--ECS | We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. If customers cannot update to the latest AMI, they can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678). | 2025-08-14 | 4.3 | CVE-2025-9039 |
| AMI--AptioV | AMI APTIOV contains a vulnerability in BIOS where a user may cause "Improper Initialization" by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability. | 2025-08-12 | 4.2 | CVE-2025-22834 |
| anwppro--AnWP Football Leagues | The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. This makes it possible for authenticated attackers, with Administrator-level access and above, to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | 2025-08-12 | 4.8 | CVE-2025-8767 |
| artiosmedia--RSS Feed Pro | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through 1.1.8. | 2025-08-14 | 5.9 | CVE-2025-53581 |
| ashanjay--EventON Events Calendar | The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to. | 2025-08-15 | 4.3 | CVE-2025-8091 |
| Ashish--AI Tools | Missing Authorization vulnerability in Ashish AI Tools allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Tools: from n/a through 4.0.7. | 2025-08-14 | 6.5 | CVE-2025-50029 |
| Astoundify--WP Modal Popup with Cookie Integration | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration allows Reflected XSS. This issue affects WP Modal Popup with Cookie Integration: from n/a through 2.4. | 2025-08-14 | 5.9 | CVE-2025-54683 |
| Axis Communications AB--AXIS OS | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 2025-08-12 | 6.7 | CVE-2025-30027 |
| Axis Communications AB--AXIS OS | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | 2025-08-12 | 6.7 | CVE-2025-3892 |
| Ays Pro--Chartify | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify allows Cross Site Request Forgery. This issue affects Chartify: from n/a through 3.5.3. | 2025-08-14 | 4.3 | CVE-2025-54673 |
| ays-pro--Poll Maker Versus Polls, Anonymous Polls, Image Polls | The Poll Maker - Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response. | 2025-08-16 | 5.3 | CVE-2024-12575 |
| bcupham--Video Expander | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander allows Stored XSS. This issue affects Video Expander: from n/a through 1.0. | 2025-08-14 | 6.5 | CVE-2025-52771 |
| biscia7--Hide Text Shortcode | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode allows Stored XSS. This issue affects Hide Text Shortcode: from n/a through 1.1. | 2025-08-14 | 6.5 | CVE-2025-49051 |
| bobbingwide--oik | Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik allows Cross Site Request Forgery. This issue affects oik: from n/a through 4.15.2. | 2025-08-14 | 4.3 | CVE-2025-54671 |
| BoldGrid--Post and Page Builder by BoldGrid Visual Drag and Drop Editor | Path Traversal vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Path Traversal. This issue affects Post and Page Builder by BoldGrid - Visual Drag and Drop Editor: from n/a through 1.27.8. | 2025-08-14 | 4.2 | CVE-2025-52712 |
| Bosch Rexroth AG--ctrlX OS - Setup | A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps. | 2025-08-14 | 5.3 | CVE-2025-48861 |
| bPlugins--B Blocks | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through 2.0.5. | 2025-08-14 | 6.5 | CVE-2025-54708 |
| bplugins--B Slider- Gutenberg Slider Block for WP | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. This makes it possible for authenticated attackers, with subscriber-level access and above to extract sensitive data including installed plugin information. | 2025-08-15 | 4.3 | CVE-2025-8676 |
| bplugins--B Slider- Gutenberg Slider Block for WP | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. | 2025-08-15 | 4.3 | CVE-2025-8680 |
| bPlugins--Button Block | Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0. | 2025-08-14 | 4.3 | CVE-2025-54694 |
| Brainstorm Force--SureDash | Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through 1.1.0. | 2025-08-14 | 6.5 | CVE-2025-54685 |
| Brother Industries, Ltd--HL-L8260CDN | By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default administrator password. This flaw is similar to CVE-2024-51977, with the only difference being the protocol by which an attacker can use to learn the remote device's serial number. The eSCL/uscan vector is typically only exposed on the local network. Any discovery service that implements the eSCL specification can be used to exploit this vulnerability, and one such implementation is the runZero Explorer. Changing the default administrator password will render this vulnerability virtually worthless, since the calculated default administrator password would no longer be the correct password. | 2025-08-12 | 4.3 | CVE-2025-8452 |
| cartpauj--Shortcode Redirect | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through 1.0.02. | 2025-08-14 | 6.5 | CVE-2025-54746 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root. | 2025-08-14 | 6 | CVE-2025-20237 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root. | 2025-08-14 | 6 | CVE-2025-20238 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device. | 2025-08-14 | 5.3 | CVE-2025-20219 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | 2025-08-14 | 5.8 | CVE-2025-20224 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | 2025-08-14 | 5.8 | CVE-2025-20252 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | 2025-08-14 | 5.8 | CVE-2025-20254 |
| Cisco--Cisco Adaptive Security Appliance (ASA) Software | A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. This vulnerability is due to improper validation of incoming DHCP packets. An attacker could exploit this vulnerability by repeatedly sending crafted DHCPv4 packets to an affected device. A successful exploit could allow the attacker to exhaust available memory, which would affect availability of services and prevent new processes from starting, resulting in a Denial of Service (DoS) condition that would require a manual reboot. Note: On Cisco Secure FTD Software, this vulnerability does not affect management interfaces. | 2025-08-14 | 4.3 | CVE-2025-20135 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials. For more information about vulnerable scenarios, see the Details ["#details"] section of this advisory. | 2025-08-14 | 6 | CVE-2025-20220 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 2025-08-14 | 6.1 | CVE-2025-20235 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a troubleshoot file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to retrieve a troubleshoot file for a different domain, which could allow the attacker to access sensitive information contained in the troubleshoot file. | 2025-08-14 | 6.5 | CVE-2025-20301 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. | 2025-08-14 | 4.9 | CVE-2025-20218 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this vulnerability by directly accessing a generated report file for a different domain that is managed on the same Cisco Secure FMC instance. A successful exploit could allow the attacker to access a previously run report for a different domain, which could allow an attacker to read activity recorded in that domain. | 2025-08-14 | 4.3 | CVE-2025-20302 |
| Cisco--Cisco Firepower Management Center | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials. | 2025-08-14 | 4.9 | CVE-2025-20306 |
| Cisco--Cisco Firepower Threat Defense Software | A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists because the URL string is not fully parsed. An attacker could exploit this vulnerability by sending a crafted HTTP connection through the targeted device. A successful exploit could allow the attacker to bypass configured policies and gain access to a network where the connection should have been denied. | 2025-08-14 | 5.8 | CVE-2025-20268 |
| Cisco--IOS | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | 2025-08-14 | 5.8 | CVE-2025-20225 |
| code-projects--eBlog Site | A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 6.3 | CVE-2025-8859 |
| code-projects--Hostel Management System | A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 5.3 | CVE-2025-8962 |
| code-projects--Hostel Management System | A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 5.3 | CVE-2025-8964 |
| code-projects--Medical Store Management System | A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 6.3 | CVE-2025-8928 |
| code-projects--Medical Store Management System | A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 6.3 | CVE-2025-8929 |
| code-projects--Medical Store Management System | A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.3 | CVE-2025-8930 |
| code-projects--Medical Store Management System | A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.3 | CVE-2025-8931 |
| code-projects--Simple Cafe Ordering System | A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 6.3 | CVE-2025-9025 |
| codeablepress--CodeablePress | Missing Authorization vulnerability in codeablepress CodeablePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a through 1.0.0. | 2025-08-14 | 4.3 | CVE-2025-53221 |
| cozmoslabs--User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor | The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_communication_preferences[]' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when the GDPR Communication Preferences module is enabled and at least one GDPR Communication Preferences field has been added to the edit profile form. | 2025-08-16 | 6.4 | CVE-2025-8896 |
| CreativeMindsSolutions--CM On Demand Search And Replace | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Stored XSS. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2. | 2025-08-14 | 5.9 | CVE-2025-54727 |
| CreativeMindsSolutions--CM On Demand Search And Replace | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a through 1.5.2. | 2025-08-14 | 4.3 | CVE-2025-54728 |
| CreativeThemes--Blocksy | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6. | 2025-08-14 | 5.9 | CVE-2025-55713 |
| CRM Perks--Connector for Gravity Forms and Google Sheets | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. | 2025-08-14 | 5.4 | CVE-2025-54682 |
| CRM Perks--Connector for Gravity Forms and Google Sheets | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. | 2025-08-14 | 4.7 | CVE-2025-54681 |
| CRM Perks--Integration for Contact Form 7 and Constant Contact | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.7. | 2025-08-14 | 5.9 | CVE-2025-54684 |
| Crocoblock--JetElements For Elementor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9. | 2025-08-14 | 6.5 | CVE-2025-55714 |
| Crocoblock--JetEngine | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2. | 2025-08-14 | 6.5 | CVE-2025-54688 |
| Crocoblock--JetProductGallery | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS. This issue affects JetProductGallery: from n/a through 2.2.0.2. | 2025-08-14 | 6.5 | CVE-2025-54749 |
| Crocoblock--JetTabs | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through 2.2.9.1. | 2025-08-14 | 6.5 | CVE-2025-54687 |
| D-Link--DIR-619L | A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-14 | 6.6 | CVE-2025-8978 |
| D-Link--DIR818L | A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.3 | CVE-2025-8956 |
| Dariolee--Netease Music | Missing Authorization vulnerability in Dariolee Netease Music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through 3.2.1. | 2025-08-14 | 4.3 | CVE-2025-49052 |
| delabon--Woocommerce Blocks Woolook | The Woocommerce Blocks - Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. Please note that this can also be exploited via CSRF techniques. | 2025-08-16 | 6.6 | CVE-2024-8393 |
| Dell--CloudLink | Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 2025-08-14 | 5.5 | CVE-2025-26484 |
| Dell--Data Lakehouse | Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | 2025-08-14 | 6.7 | CVE-2025-21110 |
| Dell--OpenManage Enterprise | Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | 2025-08-14 | 4.8 | CVE-2025-38745 |
| Dell--SupportAssist for Business PCs | SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | 2025-08-14 | 6.7 | CVE-2025-36612 |
| Dell--SupportAssist for Home PCs | SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | 2025-08-14 | 6.7 | CVE-2025-38738 |
| Dmitry V. (CEO of "UKR Solution")--Barcode Scanner with Inventory & Order Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager allows Path Traversal. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.9.0. | 2025-08-14 | 4.9 | CVE-2025-54715 |
| e-plugins--WP Membership | Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3. | 2025-08-14 | 5.4 | CVE-2025-54717 |
| earnware--Earnware Connect | The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ew_hasrole' shortcode in all versions up to, and including, 1.0.73 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-7651 |
| ebernstein--Inline Stock Quotes | The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8688 |
| elemntor--Elementor Website Builder More Than Just a Page Builder | The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-08-12 | 4.9 | CVE-2025-8081 |
| elinkcontent--elink Embed Content | The elink - Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain. | 2025-08-15 | 6.4 | CVE-2025-7507 |
| emarket-design--Project Management, Bug and Issue Tracking Plugin Software Issue Manager | The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'noaccess_msg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8314 |
| emilien--Wp chart generator | The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8685 |
| evigeo--Gestion de tarifs | The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-08-15 | 6.5 | CVE-2025-7662 |
| F5--BIG-IP | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-08-13 | 5.3 | CVE-2025-54500 |
| FirebirdSQL--firebird | Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3. | 2025-08-15 | 5.3 | CVE-2025-54989 |
| flexostudio--flexo-social-gallery | Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through 1.0006. | 2025-08-14 | 4.3 | CVE-2025-52769 |
| Fortinet--FortiADC | An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. | 2025-08-12 | 6.6 | CVE-2025-49813 |
| Fortinet--FortiManager | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests. | 2025-08-12 | 5.2 | CVE-2024-52964 |
| Fortinet--FortiOS | An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager. | 2025-08-12 | 6.8 | CVE-2025-53744 |
| Fortinet--FortiOS | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests. | 2025-08-12 | 4.8 | CVE-2025-25248 |
| Fortinet--FortiPAM | A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | 2025-08-12 | 6.3 | CVE-2023-45584 |
| Fortinet--FortiRecorder | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. | 2025-08-12 | 4.2 | CVE-2024-40588 |
| Fortinet--FortiSOAR | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack. | 2025-08-12 | 6.4 | CVE-2024-48892 |
| Fortinet--FortiSOAR | An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests | 2025-08-12 | 6.2 | CVE-2025-32932 |
| Fortinet--FortiWeb | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands | 2025-08-12 | 6.7 | CVE-2025-27759 |
| Fortinet--FortiWeb | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands | 2025-08-12 | 6.3 | CVE-2025-32766 |
| Fortinet--FortiWeb | A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands. | 2025-08-12 | 6.5 | CVE-2025-47857 |
| FWDesign--Ultimate Video Player | Missing Authorization vulnerability in FWDesign Ultimate Video Player allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through 10.1. | 2025-08-15 | 5.3 | CVE-2025-49432 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints. | 2025-08-13 | 6.5 | CVE-2024-10219 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role. | 2025-08-13 | 6.7 | CVE-2024-12303 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints. | 2025-08-13 | 6.5 | CVE-2025-1477 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed. | 2025-08-13 | 6.5 | CVE-2025-2614 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature. | 2025-08-13 | 6.5 | CVE-2025-2937 |
| GitLab--GitLab | An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers. | 2025-08-13 | 6.5 | CVE-2025-8770 |
| GitLab--GitLab | An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. | 2025-08-13 | 5 | CVE-2025-5819 |
| glenwpcoder--Drag and Drop Multiple File Upload for Contact Form 7 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.3.9.0 via the wpcf7_guest_user_id cookie. This makes it possible for unauthenticated attackers to upload and delete files outside of the originally intended directory. The impact of this vulnerability is limited, as file types are validated and only safe ones can be uploaded, while deletion is limited to the plugin's uploads folder. | 2025-08-16 | 5.3 | CVE-2025-8464 |
| GoodLayers--Modernize | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize allows Stored XSS. This issue affects Modernize: from n/a through 3.4.0. | 2025-08-14 | 6.5 | CVE-2025-53342 |
| GoodLayers--Modernize | Missing Authorization vulnerability in GoodLayers Modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through 3.4.0. | 2025-08-14 | 4.3 | CVE-2025-53343 |
| hakeemnala--Build App Online | Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.23. | 2025-08-14 | 6.5 | CVE-2025-53249 |
| hashthemes--Easy Elementor Addons | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.2.6. | 2025-08-14 | 6.5 | CVE-2025-54704 |
| hashthemes--Easy Elementor Addons | Missing Authorization vulnerability in hashthemes Easy Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through 2.2.7. | 2025-08-14 | 4.3 | CVE-2025-54712 |
| HasTech--HT Mega | Missing Authorization vulnerability in HasTech HT Mega allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through 2.9.0. | 2025-08-14 | 5.4 | CVE-2025-54695 |
| HCL Software--BigFix SaaS Remediate | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform. | 2025-08-15 | 5.3 | CVE-2025-52619 |
| HCL Software--BigFix SaaS Remediate | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning. | 2025-08-15 | 5.3 | CVE-2025-52621 |
| HCL Software--BigFix SaaS Remediate | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries. | 2025-08-15 | 4.3 | CVE-2025-52618 |
| HCL Software--BigFix SaaS Remediate | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | 2025-08-15 | 4.3 | CVE-2025-52620 |
| HCL Software--Connections Docs | HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. | 2025-08-14 | 4.8 | CVE-2025-31987 |
| helm--helm | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm. | 2025-08-13 | 6.5 | CVE-2025-55198 |
| helm--helm | Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero. | 2025-08-13 | 6.5 | CVE-2025-55199 |
| IBM--Storage TS4500 Library | IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-08-15 | 5.4 | CVE-2025-36088 |
| IBM--WebSphere Application Server | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | 2025-08-14 | 5.3 | CVE-2025-33142 |
| IBM--WebSphere Application Server Liberty | IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | 2025-08-14 | 5.3 | CVE-2025-36047 |
| IBM--WebSphere Application Server Liberty | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration | 2025-08-12 | 5.9 | CVE-2025-36124 |
| IBM--WebSphere Application Server Liberty | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-08-12 | 4.4 | CVE-2025-36000 |
| ImageMagick--ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, there is undefined behavior (function-type-mismatch) in splay tree cloning callback. This results in a deterministic abort under UBSan (DoS in sanitizer builds), with no crash in a non-sanitized build. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. | 2025-08-13 | 6.1 | CVE-2025-55160 |
| ImageMagick--ImageMagick | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. | 2025-08-13 | 5.5 | CVE-2025-55005 |
| imithemes--Eventer | Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer allows Code Injection. This issue affects Eventer: from n/a through 3.9.6. | 2025-08-14 | 6.5 | CVE-2025-39483 |
| inpersttion--Inpersttion For Theme | The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. This is due to the plugin not restricting what functions can be called. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server which is limited to arbitrary functions without any user supplied parameters. | 2025-08-15 | 6.3 | CVE-2025-8905 |
| inspectlet--Inspectlet – User Session Recording and Heatmaps | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps allows Stored XSS. This issue affects Inspectlet – User Session Recording and Heatmaps: from n/a through 2.0. | 2025-08-14 | 5.9 | CVE-2025-49048 |
| INSTAR--2K+ | A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 6.8 | CVE-2025-8762 |
| iqonicdesign--Graphina Elementor Charts and Graphs | The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficient input sanitization and output escaping on user supplied attributes such as chart categories, titles, and tooltip settings. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-15 | 6.4 | CVE-2025-8867 |
| Ivanti--Connect Secure | Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk. | 2025-08-12 | 5.5 | CVE-2025-5468 |
| Ivanti--Connect Secure | XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service | 2025-08-12 | 4.9 | CVE-2025-5466 |
| Ivanti--Virtual Application Delivery ControllerCWE-862 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password | 2025-08-12 | 6.5 | CVE-2025-8310 |
| janyksteenbeek--LatestCheckins | The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-16 | 6.1 | CVE-2025-7683 |
| jason-lau--Add User Meta | The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-15 | 6.1 | CVE-2025-7688 |
| jeecgboot--JimuReport | A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | 2025-08-14 | 6.3 | CVE-2025-8963 |
| Jordy Meow--Photo Engine | Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through 6.4.3. | 2025-08-14 | 4.3 | CVE-2025-54672 |
| kadesthemes--WP Airdrop Manager | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through 1.0.5. | 2025-08-14 | 5.9 | CVE-2025-49053 |
| kanboard--kanboard | Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter is a valid task id, nor does it check for path traversal. As a result, a malicious actor could write a file anywhere on the system the app user controls. The impact is limited due to the filename being hashed and having no extension. This issue has been patched in version 1.2.47. | 2025-08-12 | 6.4 | CVE-2025-55011 |
| keeross--DigitalOcean Spaces Sync | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync: from n/a through 2.2.1. | 2025-08-14 | 5.9 | CVE-2025-49047 |
| kodeshpa--Simplified | Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through 1.0.9. | 2025-08-14 | 5.5 | CVE-2025-53241 |
| Laborator--Kalium | Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3. | 2025-08-14 | 4.3 | CVE-2025-53347 |
| LabRedesCefetRJ--WeGIA | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the verificacao and redir_config parameter. This issue has been patched in version 3.4.8. | 2025-08-12 | 6.5 | CVE-2025-55170 |
| LCweb--Global Gallery | Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Global Gallery: from n/a through 9.2.3. | 2025-08-14 | 6.5 | CVE-2025-52721 |
| Linksys--RE6250 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8821 |
| Linksys--RE6250 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8823 |
| Linksys--RE6250 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8825 |
| Linksys--RE6250 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8827 |
| Linksys--RE6250 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8828 |
| Linksys--RE6250 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8829 |
| Linksys--RE6250 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-11 | 6.3 | CVE-2025-8830 |
| linlinjava--litemall | A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.3 | CVE-2025-8965 |
| linlinjava--litemall | A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to business logic errors. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 4.3 | CVE-2025-8991 |
| lisensee--NetInsight Analytics Implementation Plugin | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plugin: from n/a through 1.0.3. | 2025-08-14 | 4.3 | CVE-2025-52767 |
| litonice13--Master Addons Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations | The Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8874 |
| lmyoaoa--weichuncai(WP) | The weichuncai(WP伪春èœ) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-16 | 6.1 | CVE-2025-7686 |
| luuptek--Embed Bokun | The Embed Bokun plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 0.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-6221 |
| magepeopleteam--WpEvently | Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6. | 2025-08-14 | 4.3 | CVE-2025-54705 |
| makeplane--plane | Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users' browsers. The description_html field is not properly sanitized or escaped. An attacker can submit crafted JavaScript payloads that are saved in the application's database. When another user views the affected content, the injected code executes in their browser, running in the application's context and bypassing standard security protections. Successful exploitation can lead to session hijacking, theft of sensitive information, or forced redirection to malicious sites. The vulnerability can also be chained with CSRF attacks to perform unauthorized actions, or leveraged to distribute malware and exploit additional browser vulnerabilities. This issue has been patched in version 0.28.0. | 2025-08-15 | 5.4 | CVE-2025-55203 |
| masteriyo--Masteriyo - LMS | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3. | 2025-08-14 | 6.5 | CVE-2025-54699 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. | 2025-08-11 | 6.4 | CVE-2025-48731 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. | 2025-08-11 | 5.9 | CVE-2025-53514 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. | 2025-08-11 | 5 | CVE-2025-54458 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. | 2025-08-11 | 5.9 | CVE-2025-54463 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint. | 2025-08-11 | 4 | CVE-2025-44001 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint. | 2025-08-11 | 4 | CVE-2025-53910 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. | 2025-08-11 | 4 | CVE-2025-8285 |
| mdempfle--Advanced iFrame | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in version less than, or equal to, 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 5.4 | CVE-2025-8089 |
| Michael Nelson--Print My Blog | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog allows Stored XSS. This issue affects Print My Blog: from n/a through 3.27.9. | 2025-08-14 | 6.5 | CVE-2025-54740 |
| Microsoft--Azure Stack Hub | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | 2025-08-12 | 4.4 | CVE-2025-53765 |
| Microsoft--Microsoft Dynamics 365 (on-premises) version 9.1 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | 2025-08-12 | 6.5 | CVE-2025-53728 |
| Microsoft--Microsoft Dynamics 365 (on-premises) version 9.1 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 5.4 | CVE-2025-49745 |
| Microsoft--Microsoft Edge for Android | The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 4.3 | CVE-2025-49736 |
| Microsoft--Microsoft Edge for Android | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 4.3 | CVE-2025-49755 |
| Microsoft--Microsoft Exchange Server 2019 Cumulative Update 14 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | 2025-08-12 | 6.5 | CVE-2025-25005 |
| Microsoft--Microsoft Exchange Server 2019 Cumulative Update 15 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 5.3 | CVE-2025-25006 |
| Microsoft--Microsoft Exchange Server Subscription Edition RTM | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 2025-08-12 | 5.3 | CVE-2025-25007 |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | 2025-08-12 | 6.8 | CVE-2025-53736 |
| Microsoft--Windows 10 Version 1809 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 2025-08-12 | 6.7 | CVE-2025-49743 |
| Microsoft--Windows 10 Version 1809 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | 2025-08-12 | 6.8 | CVE-2025-49751 |
| Microsoft--Windows 10 Version 1809 | Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. | 2025-08-12 | 6.5 | CVE-2025-50166 |
| Microsoft--Windows 10 Version 1809 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. | 2025-08-12 | 6.5 | CVE-2025-50172 |
| Microsoft--Windows 10 Version 1809 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | 2025-08-12 | 6.5 | CVE-2025-53716 |
| Microsoft--Windows 10 Version 1809 | Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. | 2025-08-12 | 5.5 | CVE-2025-53136 |
| Microsoft--Windows Security App | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | 2025-08-12 | 5.5 | CVE-2025-53769 |
| Microsoft--Windows Server 2019 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | 2025-08-12 | 5.7 | CVE-2025-50156 |
| Microsoft--Windows Server 2019 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | 2025-08-12 | 5.7 | CVE-2025-50157 |
| Microsoft--Windows Server 2019 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | 2025-08-12 | 5.7 | CVE-2025-53138 |
| Microsoft--Windows Server 2019 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | 2025-08-12 | 5.7 | CVE-2025-53148 |
| Microsoft--Windows Server 2019 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | 2025-08-12 | 5.7 | CVE-2025-53153 |
| Microsoft--Windows Server 2019 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | 2025-08-12 | 5.7 | CVE-2025-53719 |
| Microsoft--Windows Server 2025 (Server Core installation) | Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. | 2025-08-12 | 5.5 | CVE-2025-53156 |
| mklacroix--Product Configurator for WooCommerce | Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4. | 2025-08-14 | 5.4 | CVE-2025-54674 |
| morehawes--Plugin README Parser | The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-15 | 6.4 | CVE-2025-8720 |
| moshensky--CF7 Spreadsheets | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets allows Stored XSS. This issue affects CF7 Spreadsheets: from n/a through 2.3.2. | 2025-08-14 | 6.5 | CVE-2025-50040 |
| motov.net--Ebook Store | Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through 5.8013. | 2025-08-14 | 4.3 | CVE-2025-54702 |
| mtons--mblog | A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 4.3 | CVE-2025-8992 |
| n/a--AI Playground software | Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-27559 |
| n/a--BuzzFeed App | A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-08-17 | 5.3 | CVE-2025-9093 |
| n/a--Clock Jitter Tool software | Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20092 |
| n/a--Device Plugins for Kubernetes software maintained by Intel | Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. | 2025-08-12 | 4.4 | CVE-2025-24313 |
| n/a--Edge Orchestrator software | Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | 2025-08-12 | 6.6 | CVE-2025-24921 |
| n/a--Edge Orchestrator software | Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2025-08-12 | 5.8 | CVE-2025-24840 |
| n/a--Edge Orchestrator software | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | 2025-08-12 | 5.7 | CVE-2025-26472 |
| n/a--Edge Orchestrator software | Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 2025-08-12 | 5.5 | CVE-2025-27537 |
| N/A--Fedora | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. | 2025-08-15 | 4.1 | CVE-2023-5342 |
| n/a--firmware for the Intel(R) E810 Ethernet | Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. | 2025-08-12 | 6 | CVE-2025-24296 |
| n/a--firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software | Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.5 | CVE-2025-24323 |
| n/a--Intel(R) AI for Enterprise Retrieval-augmented Generation software | Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-24923 |
| n/a--Intel(R) AMT and Intel(R) Standard Manageability | Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. | 2025-08-12 | 4.4 | CVE-2025-22392 |
| n/a--Intel(R) Arc(TM) B-Series graphics | Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access. | 2025-08-12 | 6.5 | CVE-2025-24835 |
| n/a--Intel(R) CSME and Intel(R) SPS | Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access. | 2025-08-12 | 6 | CVE-2025-20067 |
| n/a--Intel(R) Distribution for Python software installers | Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-26470 |
| n/a--Intel(R) Driver & Support Assistant Tool software | Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-21093 |
| n/a--Intel(R) DSA software | Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-26404 |
| n/a--Intel(R) Graphics Driver software | Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access | 2025-08-12 | 6.7 | CVE-2025-27717 |
| n/a--Intel(R) Graphics Driver software installers | Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20023 |
| n/a--Intel(R) Graphics Drivers | NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | 2025-08-12 | 6.5 | CVE-2025-24515 |
| n/a--Intel(R) oneAPI DPC++/C++ Compiler software | Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20627 |
| n/a--Intel(R) oneAPI DPC++/C++ Compiler software installers | Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20087 |
| n/a--Intel(R) oneAPI Toolkit and component software installers | Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20017 |
| n/a--Intel(R) QuickAssist Technology software | Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. | 2025-08-12 | 5.5 | CVE-2025-20090 |
| n/a--Intel(R) Rapid Storage Technology installation software | Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20099 |
| n/a--Intel(R) RealSense(TM) Dynamic Calibrator software | Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-22838 |
| n/a--Intel(R) reference server platforms | Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via local access. | 2025-08-12 | 5.3 | CVE-2025-20077 |
| n/a--Intel(R) TDX Module firmware | Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 4.1 | CVE-2025-20044 |
| n/a--Intel(R) TDX module software | Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. | 2025-08-12 | 5.6 | CVE-2024-33607 |
| n/a--Intel(R) Trace Analyzer and Collector software | Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-20048 |
| n/a--Intel(R) Xeon(R) processors | Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. | 2025-08-12 | 6.5 | CVE-2025-21090 |
| n/a--JasPer | A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a. It is recommended to apply a patch to fix this issue. | 2025-08-11 | 5.3 | CVE-2025-8837 |
| n/a--jshERP | A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 6.3 | CVE-2025-8839 |
| n/a--jshERP | A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947. | 2025-08-11 | 5.4 | CVE-2025-8840 |
| n/a--LemonOS | A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 5.3 | CVE-2025-9001 |
| n/a--LibTIFF | A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The patch is identified as 8a7a48d7a645992ca83062b3a1873c951661e2b3. It is recommended to apply a patch to fix this issue. | 2025-08-11 | 5.3 | CVE-2025-8851 |
| n/a--ThingsBoard | A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)." | 2025-08-17 | 4.3 | CVE-2025-9094 |
| n/a--TinyCBOR libraries maintained by Intel(R) | Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 6.7 | CVE-2025-24302 |
| n/a--TinyCBOR libraries maintained by Intel(R) | Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access. | 2025-08-12 | 4.4 | CVE-2025-20025 |
| NASM--Netwide Assember | A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 5.3 | CVE-2025-8842 |
| NASM--Netwide Assember | A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 5.3 | CVE-2025-8843 |
| NASM--Netwide Assember | A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 5.3 | CVE-2025-8845 |
| NASM--Netwide Assember | A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 5.3 | CVE-2025-8846 |
| nikelschubert--Easy restaurant menu manager | The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-13 | 4.3 | CVE-2025-8491 |
| nimeshrmr--WP Private Content Plus | The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. This makes it possible for unauthenticated attackers to extract sensitive data including the content of resticted posts on archive and feed pages. | 2025-08-12 | 5.3 | CVE-2025-4390 |
| ninjateam--File Manager Pro Filester | Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users. | 2025-08-13 | 6.5 | CVE-2025-0818 |
| Noor Alam--Magical Posts Display | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52. | 2025-08-14 | 6.5 | CVE-2025-54706 |
| NordicMade--Savoy | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through 3.0.8. | 2025-08-14 | 5.3 | CVE-2025-54736 |
| oceanwp--OceanWP | The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-13 | 4.3 | CVE-2025-8891 |
| odn--Mosaic Generator | The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8621 |
| ome--omero-web | OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. | 2025-08-13 | 5.3 | CVE-2025-54791 |
| Omnissa--Omnissa Workspace ONE UEM | Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources. | 2025-08-11 | 5.4 | CVE-2025-25229 |
| PARETO Digital--Embedder for Google Reviews | Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through 1.7.3. | 2025-08-14 | 5.3 | CVE-2025-54730 |
| Part-DB--Part-DB-server | Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .jpg.txt), resulting in a persistent 500 Internal Server Error when attempting to view or edit that user's profile. This makes the profile permanently inaccessible via the UI for both users and administrators, constituting a Denial of Service (DoS) within the user management interface. This issue has been patched in version 1.17.3. | 2025-08-13 | 5.7 | CVE-2025-55194 |
| pencidesign--Soledad | The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pcsml_smartlists_h' parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-8143 |
| perteus--Porn Videos Embed | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through 0.9.1. | 2025-08-14 | 6.5 | CVE-2025-49061 |
| PHPGurukul--Zoo Management System | A vulnerability has been found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-foreigner-ticket.php. The manipulation of the argument visitorname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 4.3 | CVE-2025-9017 |
| pl4g4--WP-Database-Optimizer-Tools | Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through 0.2. | 2025-08-14 | 5.4 | CVE-2025-53219 |
| POSIMYTH--Nexter Blocks | Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through 4.5.4. | 2025-08-14 | 5.3 | CVE-2025-54739 |
| POSIMYTH--The Plus Addons for Elementor Page Builder Lite | Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13. | 2025-08-14 | 6.5 | CVE-2025-55712 |
| prabode--GMap Generator | The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'h' parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8568 |
| PressForward--PressForward | Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward allows Server Side Request Forgery. This issue affects PressForward: from n/a through 5.9.1. | 2025-08-14 | 6.4 | CVE-2025-28987 |
| Prince--Integrate Google Drive | Cross-Site Request Forgery (CSRF) vulnerability in Prince Integrate Google Drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through 1.5.2. | 2025-08-14 | 4.3 | CVE-2025-54703 |
| properfraction--Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content ProfilePress | The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-08-16 | 6.5 | CVE-2025-8878 |
| PX4--PX4-Autopilot | A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. This issue affects the function MavlinkReceiver::handle_message_serial_control of the file src/modules/mavlink/mavlink_receiver.cpp of the component Mavlink Shell Closing Handler. The manipulation of the argument _mavlink_shell leads to use after free. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is 4395d4f00c49b888f030f5b43e2a779f1fa78708. It is recommended to apply a patch to fix this issue. | 2025-08-15 | 4.5 | CVE-2025-9020 |
| RadiusTheme--Classified Listing | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0. | 2025-08-14 | 5.4 | CVE-2025-54698 |
| remysharp--Last.fm Recent Album Artwork | The Last.fm Recent Album Artwork plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the 'lastfm_albums_artwork.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-16 | 6.1 | CVE-2025-7684 |
| reubenthiessen--Translate This gTranslate Shortcode | The Translate This gTranslate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'base_lang' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-8719 |
| risetheme--RT Easy Builder Advanced addons for Elementor | The RT Easy Builder - Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-12 | 6.4 | CVE-2025-8462 |
| Saad Iqbal--myCred | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred allows Stored XSS. This issue affects myCred: from n/a through 2.9.4.3. | 2025-08-14 | 6.5 | CVE-2025-54668 |
| Saad Iqbal--myCred | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through 2.9.4.3. | 2025-08-14 | 5.3 | CVE-2025-54667 |
| SAP_SE--ABAP Platform | Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected. | 2025-08-12 | 4.9 | CVE-2025-42949 |
| SAP_SE--SAP GUI for Windows | SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality. | 2025-08-12 | 4.5 | CVE-2025-42943 |
| SAP_SE--SAP NetWeaver ABAP Platform | Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website�s page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim�s browser. | 2025-08-12 | 6.1 | CVE-2025-42948 |
| SAP_SE--SAP NetWeaver Application Server ABAP | SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability. | 2025-08-12 | 6.1 | CVE-2025-42945 |
| SAP_SE--SAP NetWeaver Application Server ABAP (BIC Document) | SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability. | 2025-08-12 | 6.1 | CVE-2025-42975 |
| SAP_SE--SAP NetWeaver Application Server for ABAP | SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application. | 2025-08-12 | 6.1 | CVE-2025-42942 |
| SAP_SE--SAP NetWeaver Application Server for ABAP | The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability. | 2025-08-12 | 5.4 | CVE-2025-42936 |
| SAP_SE--SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) | The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability. | 2025-08-12 | 4.1 | CVE-2025-42935 |
| SAP_SE--SAP S/4HANA (Bank Communication Management) | Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacker to potentially read or delete these files hence causing a high impact on confidentiality and low impact on integrity. There is no impact on availability of the system. | 2025-08-12 | 6.9 | CVE-2025-42946 |
| SAP_SE--SAP S/4HANA (Supplier invoice) | SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites' configuration by injecting line feed (LF) characters into application inputs. This vulnerability has a low impact on the application's integrity and no impact on confidentiality or availability. | 2025-08-12 | 4.3 | CVE-2025-42934 |
| Shahjada--WPDM Premium Packages | Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM - Premium Packages allows Cross Site Request Forgery. This issue affects WPDM - Premium Packages: from n/a through 6.0.2. | 2025-08-14 | 4.3 | CVE-2025-54732 |
| Shanghai Lingdang Information Technology--Lingdang CRM | A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.6.5 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+." | 2025-08-13 | 6.3 | CVE-2025-8908 |
| Siemens--POWER METER SICAM Q100 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes. | 2025-08-12 | 6.2 | CVE-2025-40752 |
| Siemens--POWER METER SICAM Q100 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q200 family (All versions >= V2.70 < V2.80). Affected devices export the password for the SMTP account as plain text in the Configuration File. This could allow an authenticated local attacker to extract it and use the configured SMTP service for arbitrary purposes. | 2025-08-12 | 6.2 | CVE-2025-40753 |
| Siemens--RUGGEDCOM ROX MX5000 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX RX1510 (All versions), RUGGEDCOM ROX RX1511 (All versions), RUGGEDCOM ROX RX1512 (All versions), RUGGEDCOM ROX RX1524 (All versions), RUGGEDCOM ROX RX1536 (All versions), RUGGEDCOM ROX RX5000 (All versions). The affected devices do not properly enforce the restriction of files that can be uploaded from the web interface. This could allow an authenticated remote attacker with high privileges in the web interface to upload arbitrary files. | 2025-08-12 | 4.1 | CVE-2025-33023 |
| Siemens--SIMATIC RTLS Locating Manager | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected devices do not properly validate input sent to its listening port on the local loopback interface. This could allow an unauthenticated local attacker to cause a denial of service condition. | 2025-08-12 | 6.2 | CVE-2025-30034 |
| Siemens--SIMATIC RTLS Locating Manager | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credentials and use them to escalate their access rights from the Manager to the Systemadministrator role. | 2025-08-12 | 6.3 | CVE-2025-40751 |
| Siemens--SIMOTION SCOUT TIA V5.4 | A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION SCOUT V5.4 (All versions), SIMOTION SCOUT V5.5 (All versions), SIMOTION SCOUT V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT V5.7 (All versions < V5.7 SP1 HF1), SINAMICS STARTER V5.5 (All versions), SINAMICS STARTER V5.6 (All versions), SINAMICS STARTER V5.7 (All versions). The affected application contains a XML External Entity Injection (XXE) vulnerability while parsing specially crafted XML files. This could allow an attacker to read arbitrary files in the system. | 2025-08-12 | 5.5 | CVE-2025-40584 |
| Siemens--SINEC Traffic Analyzer | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. | 2025-08-12 | 5.5 | CVE-2025-40766 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application support insecure TLS 1.0 and 1.1 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. | 2025-08-12 | 6.4 | CVE-2024-41986 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not have adequate encryption of sensitive information. This could allow an authenticated attacker to gain access of sensitive information. | 2025-08-12 | 4.8 | CVE-2024-41982 |
| SolarWinds--Database Performance Analyzer | SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host. | 2025-08-12 | 5.6 | CVE-2025-26398 |
| Sparkle Themes--Blogger Buzz | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle Themes Blogger Buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through 1.2.6. | 2025-08-14 | 6.5 | CVE-2025-54680 |
| stefanoai--Advanced Google Universal Analytics | Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal Analytics: from n/a through 1.0.3. | 2025-08-14 | 6.5 | CVE-2025-28962 |
| Steve Burge--TaxoPress | Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.37.2. | 2025-08-14 | 4.3 | CVE-2025-55710 |
| Stylemix--Motors | Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80. | 2025-08-14 | 5.3 | CVE-2025-54691 |
| surbma--Surbma | Recent Comments Shortcode | The Surbma | Recent Comments Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'recent-comments' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-7649 |
| syedamirhussain91--DB Backup | Missing Authorization vulnerability in syedamirhussain91 DB Backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through 6.0. | 2025-08-14 | 6.5 | CVE-2025-50031 |
| techlabpro1--Radius Blocks WordPress Gutenberg Blocks | The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subHeadingTagName' parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-15 | 6.4 | CVE-2025-5844 |
| Tenda--AC15 | A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.6 | CVE-2025-8979 |
| Tenda--AC20 | A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-17 | 6.3 | CVE-2025-9090 |
| Tenda--G1 | A vulnerability has been found in Tenda G1 16.01.7.8(3660). Affected by this issue is the function check_upload_file of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.6 | CVE-2025-8980 |
| ThanhD--Supermalink | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through 1.1. | 2025-08-14 | 6.5 | CVE-2025-49433 |
| Theerawat Patthawee--Intl DateTime Calendar | The Intl DateTime Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'date' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-8293 |
| themefunction--WordPress Event Manager, Event Calendar and Booking Plugin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Stored XSS. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24. | 2025-08-14 | 6.5 | CVE-2025-52730 |
| Themovation--Stratus | Missing Authorization vulnerability in Themovation Stratus allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stratus: from n/a through 4.2.5. | 2025-08-14 | 4.3 | CVE-2025-53341 |
| TianoCore--EDK2 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | 2025-08-12 | 6.3 | CVE-2024-38805 |
| timothyja--Linux Promotional Plugin | The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-08-16 | 6.1 | CVE-2025-7668 |
| TOTOLINK--N350R | A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. This vulnerability affects unknown code of the file /boafrm/formSysCmd. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.3 | CVE-2025-8937 |
| TOTOLINK--N350R | A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. This issue affects the function formSysTel of the file /boafrm/formSysTel of the component Telnet Service. The manipulation of the argument TelEnabled leads to backdoor. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 6.3 | CVE-2025-8938 |
| vcita--Online Booking & Scheduling Calendar for WordPress by vcita | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3. | 2025-08-14 | 6.5 | CVE-2025-54676 |
| VeronaLabs--WP Statistics | Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15. | 2025-08-14 | 4.3 | CVE-2025-55716 |
| VillaTheme--Thank You Page Customizer for WooCommerce Increase Your Sales | Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce - Increase Your Sales allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer for WooCommerce - Increase Your Sales: from n/a through 1.1.7. | 2025-08-14 | 6.5 | CVE-2025-30993 |
| Visual Composer--Visual Composer Website Builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through n/a. | 2025-08-14 | 6.5 | CVE-2025-55709 |
| Webba Appointment Booking--Webba Booking | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking allows Stored XSS. This issue affects Webba Booking: from n/a through 6.0.5. | 2025-08-14 | 5.9 | CVE-2025-54729 |
| WellChoose--Organization Portal System | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. | 2025-08-13 | 6.5 | CVE-2025-8909 |
| WellChoose--Organization Portal System | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | 2025-08-13 | 6.1 | CVE-2025-8910 |
| WellChoose--Organization Portal System | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. | 2025-08-13 | 6.1 | CVE-2025-8911 |
| WellChoose--Organization Portal System | Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | 2025-08-13 | 6.5 | CVE-2025-8914 |
| Wetail--WooCommerce Fortnox Integration | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration allows Stored XSS. This issue affects WooCommerce Fortnox Integration: from n/a through 4.5.6. | 2025-08-14 | 6.5 | CVE-2025-47610 |
| WordLift--WordLift | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift allows Stored XSS. This issue affects WordLift: from n/a through 3.54.5. | 2025-08-14 | 6.5 | CVE-2025-53582 |
| worstguy--WP LOL Rotation | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation allows Stored XSS. This issue affects WP LOL Rotation: from n/a through 1.0. | 2025-08-14 | 6.5 | CVE-2025-49437 |
| WP Table Builder--WP Table Builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Table Builder: from n/a through 2.0.12. | 2025-08-14 | 6.5 | CVE-2025-55711 |
| wpbakery--Templatera | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through 2.3.0. | 2025-08-14 | 6.5 | CVE-2025-54747 |
| WPBits--WPBITS Addons For Elementor Page Builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5. | 2025-08-14 | 6.5 | CVE-2024-37945 |
| wpdevteam--BetterDocs Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers | The BetterDocs - Advanced AI-Driven Documentation, FAQ & Knowledge Base Tool for Elementor & Gutenberg with Encyclopedia, AI Support, Instant Answers plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_response function in all versions up to and including 4.1.1. This makes it possible for unauthenticated attackers to retrieve passwords for password-protected documents as well as the metadata of private and draft documents. | 2025-08-16 | 5.3 | CVE-2025-7499 |
| wpdevteam--Essential Addons for Elementor Popular Elementor Templates & Widgets | The Essential Addons for Elementor - Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-gallery-items' parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-15 | 6.4 | CVE-2025-8451 |
| WpEstate--WP Rentals | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals allows Stored XSS. This issue affects WP Rentals: from n/a through 3.13.1. | 2025-08-14 | 6.5 | CVE-2025-53330 |
| WPFunnels--WPFunnels | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.5.26. | 2025-08-14 | 6.5 | CVE-2025-54696 |
| wptb--WP Table Builder WordPress Table Plugin | The WP Table Builder - WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-15 | 6.4 | CVE-2025-8604 |
| WuKongOpenSource--WukongCRM | A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 4.3 | CVE-2025-8852 |
| Xolluteon--Dropshix | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS.This issue affects Dropshix: from n/a through 4.0.14. | 2025-08-15 | 5.9 | CVE-2025-49898 |
| yeashir--Anber Elementor Addon | Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $anber_item['button_link']['url']' parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-7439 |
| yeashir--Anber Elementor Addon | The Anber Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $item['button_link']['url'] parameter in all versions up to, and including, 1.0.1 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-08-16 | 6.4 | CVE-2025-7440 |
| YITHEMES--YITH WooCommerce Popup | Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through 1.48.0. | 2025-08-14 | 4.3 | CVE-2025-54675 |
| zlt2000--microservices-platform | A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 6.3 | CVE-2025-8841 |
| Zoom Communications Inc--Zoom Clients for Windows | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. | 2025-08-12 | 6.2 | CVE-2025-49456 |
| ZTE--F50 | There is an unauthorized access vulnerability in ZTE F50. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface | 2025-08-15 | 5.7 | CVE-2025-26709 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| backstage--backstage | @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passed through to fetch:template there is no impact. This issue has been resolved in 2.1.1 of the scaffolder-backend plugin. A workaround for this issue involves Template Authors removing the use of ${{ secrets }} being used as an argument to fetch:template. | 2025-08-15 | 2.6 | CVE-2025-55285 |
| Buttercup--buttercup-browser-extension | A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The identifier of the patch is 89. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-15 | 3.1 | CVE-2017-20199 |
| D-Link--DIR-818LW | A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. | 2025-08-15 | 3.5 | CVE-2025-9003 |
| Dell--PowerEdge | Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 2025-08-14 | 3.8 | CVE-2025-36581 |
| Dell--SupportAssist for Home PCs | SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. | 2025-08-14 | 2.8 | CVE-2025-36613 |
| ExpressGateway--express-gateway | A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-17 | 3.5 | CVE-2025-9095 |
| ExpressGateway--express-gateway | A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-17 | 3.5 | CVE-2025-9096 |
| F5--NGINX Plus | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2025-08-13 | 3.7 | CVE-2025-53859 |
| GitLab--GitLab | An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. | 2025-08-13 | 3.1 | CVE-2025-2498 |
| givanz--Vvveb | A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named 84c11d69df8452dc378feecd17e2a62ac10dac66. It is recommended to upgrade the affected component. | 2025-08-14 | 3.5 | CVE-2025-8975 |
| givanz--Vvveb | A vulnerability has been found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/index.php?module=content/post&type=post of the component Endpoint. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. It is recommended to upgrade the affected component. | 2025-08-14 | 3.5 | CVE-2025-8976 |
| HCL Software--Connections | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | 2025-08-15 | 3.7 | CVE-2025-31961 |
| JCG--Link-net LW-N915R | A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack remotely. | 2025-08-11 | 2.4 | CVE-2025-8834 |
| linlinjava--litemall | A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 3.7 | CVE-2025-8974 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. | 2025-08-11 | 3.7 | CVE-2025-49221 |
| Mattermost--Mattermost Confluence Plugin | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChannelSubscriptions endpoint. | 2025-08-11 | 3.7 | CVE-2025-53857 |
| mtons--mblog | A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-13 | 3.7 | CVE-2025-8927 |
| mtons--mblog | A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 3.7 | CVE-2025-9004 |
| mtons--mblog | A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-15 | 3.7 | CVE-2025-9005 |
| n/a--Edge Orchestrator software | Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | 2025-08-12 | 3.5 | CVE-2025-24523 |
| n/a--Edge Orchestrator software | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | 2025-08-12 | 3.5 | CVE-2025-27250 |
| n/a--Edge Orchestrator software | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of service via local access. | 2025-08-12 | 2.9 | CVE-2025-27576 |
| n/a--Edge Orchestrator software | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | 2025-08-12 | 2.6 | CVE-2025-27707 |
| n/a--Intel(R) 700 Series Ethernet | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. | 2025-08-12 | 3.3 | CVE-2025-26697 |
| n/a--Intel(R) 700 Series Ethernet | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. | 2025-08-12 | 3.8 | CVE-2025-26863 |
| n/a--Intel(R) 800 Series Ethernet | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 2.8 | CVE-2025-24324 |
| n/a--Intel(R) I350 Series Ethernet | Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure. | 2025-08-12 | 3.3 | CVE-2025-24511 |
| n/a--Intel(R) Local Manageability Service software | Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2025-08-12 | 3.3 | CVE-2025-24520 |
| n/a--Intel(R) SGX SDK | Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access. | 2025-08-12 | 3.9 | CVE-2025-32004 |
| n/a--Intel(R) TDX | Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. | 2025-08-12 | 3.3 | CVE-2025-20613 |
| n/a--Intel(R) TDX | Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 2.3 | CVE-2025-22853 |
| n/a--Intel(R) TDX | Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. | 2025-08-12 | 1.9 | CVE-2025-21096 |
| n/a--JasPer | A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue. | 2025-08-11 | 3.3 | CVE-2025-8835 |
| n/a--JasPer | A vulnerability was determined in JasPer up to 4.2.5. Affected by this issue is the function jpc_floorlog2 of the file src/libjasper/jpc/jpc_enc.c of the component JPEG2000 Encoder. The manipulation leads to reachable assertion. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 79185d32d7a444abae441935b20ae4676b3513d4. It is recommended to apply a patch to fix this issue. | 2025-08-11 | 3.3 | CVE-2025-8836 |
| n/a--LibTIFF | A vulnerability was identified in LibTIFF 4.7.0. This issue affects the function May of the file tiffcrop.c of the component tiffcrop. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2025-08-14 | 3.3 | CVE-2025-8961 |
| n/a--PostgreSQL | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. | 2025-08-14 | 3.1 | CVE-2025-8713 |
| n/a--tcpreplay | A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2." | 2025-08-15 | 3.1 | CVE-2025-9019 |
| NASM--Netwide Assember | A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 3.3 | CVE-2025-8844 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | 2025-08-11 | 3.3 | CVE-2025-24844 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | 2025-08-11 | 3.3 | CVE-2025-24925 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. | 2025-08-11 | 3.3 | CVE-2025-25212 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | 2025-08-11 | 3.3 | CVE-2025-26690 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. | 2025-08-11 | 3.3 | CVE-2025-27536 |
| OpenHarmony--OpenHarmony | in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | 2025-08-11 | 3.3 | CVE-2025-27562 |
| Portabilis--i-Diario | A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-13 | 2.4 | CVE-2025-8919 |
| Portabilis--i-Diario | A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-13 | 2.4 | CVE-2025-8920 |
| Portabilis--i-Educar | A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-08-13 | 2.4 | CVE-2025-8918 |
| quttera--Quttera Web Malware Scanner | The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2025-08-15 | 3.8 | CVE-2025-8013 |
| SAP_SE--SAP Cloud Connector | Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected. | 2025-08-12 | 3.5 | CVE-2025-42955 |
| SAP_SE--SAP Fiori (Launchpad) | SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected. | 2025-08-12 | 3.5 | CVE-2025-42941 |
| Siemens--SIPROTEC 5 6MD84 (CP300) | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability. | 2025-08-12 | 2.4 | CVE-2025-40570 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application do not encrypt the communication in LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information. | 2025-08-12 | 3.1 | CVE-2024-41980 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool. | 2025-08-12 | 3.5 | CVE-2024-41983 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications. | 2025-08-12 | 2.6 | CVE-2024-41984 |
| Siemens--SmartClient modules Opcenter QL Home (SC) | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not expire the session without logout. This could allow an attacker to get unauthorized access if the session is left idle. | 2025-08-12 | 2.6 | CVE-2024-41985 |
| Tenda--AC20 | A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-08-17 | 2.5 | CVE-2025-9091 |
| yangzongzhuan--RuoYi | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-08-11 | 3.5 | CVE-2025-8847 |
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Akcess-Net--Lepszy BIP | Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in index.php form in one of the parameters allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. The vendor was contacted early about this disclosure but did not respond in any way. Potentially all versions are vulnerable. | 2025-08-14 | not yet calculated | CVE-2025-7761 |
| Amazon--EMR | Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below. | 2025-08-13 | not yet calculated | CVE-2025-8904 |
| AMI--AptioV | APTIOV contains a vulnerability in BIOS where a skilled user may cause "Race Condition" by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability. | 2025-08-12 | not yet calculated | CVE-2025-22830 |
| anthropics--claude-code | Claude Code is an agentic coding tool. Prior to version 1.0.4, it's possible to bypass the Claude Code confirmation prompts to read a file and then send file contents over the network without user confirmation due to an overly broad allowlist of safe commands. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on standard Claude Code auto-update received this fix automatically after release. Current users of Claude Code are unaffected, as versions prior to 1.0.24 are deprecated and have been forced to update. | 2025-08-16 | not yet calculated | CVE-2025-55284 |
| Apache Software Foundation--Apache bRPC | Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limited the memory allocation size, however, the limitation checking code is not well implemented that may cause integer overflow and evade such limitation. So the 1.14.0 version is also vulnerable, although the integer range that affect version 1.14.0 is different from that affect version < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. No matter you choose which method, you should note that the patch limits the maximum length of memory allocated for each time in the bRPC Redis parser. The default limit is 64M. If some of you redis request or response have a size larger than 64M, you might encounter error after upgrade. For such case, you can modify the gflag redis_max_allocation_size to set a larger limit. | 2025-08-14 | not yet calculated | CVE-2025-54472 |
| Apache Software Foundation--Apache OFBiz | Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue. | 2025-08-15 | not yet calculated | CVE-2025-54466 |
| Apache Software Foundation--Apache Superset | A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue. | 2025-08-14 | not yet calculated | CVE-2025-55672 |
| Apache Software Foundation--Apache Superset | When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user. This issue affects Apache Superset: before 4.1.3. Users are recommended to upgrade to version 4.1.3, which fixes the issue. | 2025-08-14 | not yet calculated | CVE-2025-55673 |
| Apache Software Foundation--Apache Superset | A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue. | 2025-08-14 | not yet calculated | CVE-2025-55674 |
| Apache Software Foundation--Apache Superset | Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue. | 2025-08-14 | not yet calculated | CVE-2025-55675 |
| Apache Software Foundation--Apache Tomcat | Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue. | 2025-08-13 | not yet calculated | CVE-2025-48989 |
| Apache Software Foundation--Apache Tomcat | Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. | 2025-08-13 | not yet calculated | CVE-2025-55668 |
| Apple--Apple Music Classical for Android | This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. | 2025-08-15 | not yet calculated | CVE-2025-43201 |
| Auxilium--RateMyPet | Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution. | 2025-08-11 | not yet calculated | CVE-2012-10038 |
| Axis Communications AB--AXIS Camera Station Pro | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. | 2025-08-12 | not yet calculated | CVE-2025-7622 |
| Broadcom--Symantec PGP Encryption | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | 2025-08-11 | not yet calculated | CVE-2025-8660 |
| Broadcom--Symantec PGP Encryption | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. | 2025-08-11 | not yet calculated | CVE-2025-8661 |
| bulletphysics--bullet3 | Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function. | 2025-08-11 | not yet calculated | CVE-2025-8854 |
| Bunkerity--Bunker Web | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing.This issue affects Bunker Web: 1.6.2. | 2025-08-15 | not yet calculated | CVE-2025-8066 |
| CherryHQ--cherry-studio | Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2. | 2025-08-13 | not yet calculated | CVE-2025-54074 |
| CodeFuse--ModelCache | ModelCache for LLM through v0.2.0 was discovered to contain an deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data. | 2025-08-11 | not yet calculated | CVE-2025-45146 |
| ComSndFTP--FTP Server | ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations. | 2025-08-13 | not yet calculated | CVE-2012-10055 |
| CycloneDX--Sunshine | CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file | 2025-08-13 | not yet calculated | CVE-2025-52386 |
| Cytel Inc.--Studio | Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened. | 2025-08-13 | not yet calculated | CVE-2011-10015 |
| Danphe Health--Hospital Management System EMR | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password. | 2025-08-13 | not yet calculated | CVE-2025-50594 |
| darylldoyle--svg-sanitizer | savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to external domains. This issue has been patched in version 0.22.0. | 2025-08-12 | not yet calculated | CVE-2025-55166 |
| dj-extensions.com--DJ-Classifieds component for Joomla | A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands. | 2025-08-15 | not yet calculated | CVE-2025-54474 |
| DogukanUrker--flaskBlog | flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post. At time of publication, there are no public patches available. | 2025-08-14 | not yet calculated | CVE-2025-53631 |
| Dolibarr Project--ERP/CRM | Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. | 2025-08-13 | not yet calculated | CVE-2012-10059 |
| Drupal--AI SEO Link Advisor | Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6. | 2025-08-15 | not yet calculated | CVE-2025-8675 |
| Drupal--Authenticator Login | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4. | 2025-08-15 | not yet calculated | CVE-2025-8995 |
| Drupal--Config Pages | Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0. | 2025-08-15 | not yet calculated | CVE-2025-8361 |
| Drupal--COOKiES Consent Management | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16. | 2025-08-15 | not yet calculated | CVE-2025-8092 |
| Drupal--GoogleTag Manager | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. | 2025-08-15 | not yet calculated | CVE-2025-8362 |
| Drupal--Layout Builder Advanced Permissions | Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0. | 2025-08-15 | not yet calculated | CVE-2025-8996 |
| Espec--Espec North America Web controller | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI. | 2025-08-14 | not yet calculated | CVE-2025-27845 |
| Espec--Espec North America Web controller | In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. | 2025-08-14 | not yet calculated | CVE-2025-27846 |
| Espec--Espec North America Web controller | In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. | 2025-08-14 | not yet calculated | CVE-2025-27847 |
| ETHER--Catalyst::Authentication::Credential::HTTP | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616. | 2025-08-11 | not yet calculated | CVE-2025-40920 |
| external-secrets--external-secrets | External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read secrets/secret-stores across the cluster, bypassing intended namespace restrictions. An attacker with the ability to create or update PushSecret resources and control SecretStore configurations could exploit this vulnerability to exfiltrate sensitive data from arbitrary namespaces. This could lead to full disclosure of Kubernetes secrets, including credentials, tokens, and other sensitive information stored in the cluster. This vulnerability has been patched in version 0.19.2. A workaround for this issue includes auditing and restricting RBAC permissions so that only trusted service accounts can create or update PushSecret and SecretStore resources. | 2025-08-13 | not yet calculated | CVE-2025-55196 |
| GIMP--GIMP | MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent. This issue has been fixed in 3.1.4.2 version of GIMP. | 2025-08-11 | not yet calculated | CVE-2025-8672 |
| Google--Chrome | Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) | 2025-08-13 | not yet calculated | CVE-2025-8879 |
| Google--Chrome | Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 2025-08-13 | not yet calculated | CVE-2025-8880 |
| Google--Chrome | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2025-08-13 | not yet calculated | CVE-2025-8881 |
| Google--Chrome | Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2025-08-13 | not yet calculated | CVE-2025-8882 |
| Google--Chrome | Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 2025-08-13 | not yet calculated | CVE-2025-8901 |
| Google--Keras | A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive. | 2025-08-11 | not yet calculated | CVE-2025-8747 |
| helmetjs--content-security-policy-parser | content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling prototype method in NodeJS, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature. | 2025-08-12 | not yet calculated | CVE-2025-55164 |
| HP Inc.--Certain HP PC Products | A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability. | 2025-08-13 | not yet calculated | CVE-2024-5477 |
| HP, Inc.--HP Hotkey Support Software | A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | 2025-08-15 | not yet calculated | CVE-2025-43490 |
| Hyland Software--OnBase | Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM. | 2025-08-13 | not yet calculated | CVE-2025-34153 |
| joomsky.com--JS Jobs component for Joomla | A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. | 2025-08-15 | not yet calculated | CVE-2025-54475 |
| JurajNyiri--HomeAssistant-Tapo-Control | HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself - it only impacts the GitHub Actions environment for this repository. The vulnerable workflow directly inserted user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper sanitization. A malicious GitHub user could craft an issue body that executes arbitrary commands on the GitHub Actions runner in a privileged context whenever an issue is opened. The potential impact is limited to the repository's CI/CD environment, which could allow access to repository contents or GitHub Actions secrets. This issue has been patched via commit 2a3b80f. Workarounds involve disabling the affected workflow (issues.yml), replacing the unsafe Bash comparison with a safe quoted grep (or a pure GitHub Actions expression check), or ensuring minimal permissions in workflows (permissions: block) to reduce possible impact. | 2025-08-14 | not yet calculated | CVE-2025-55192 |
| KuWFi--4G AC900 LTE router | The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet). | 2025-08-14 | not yet calculated | CVE-2024-53945 |
| KuWFi--4G AC900 LTE router | The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. This vulnerability allows an attacker to trick an authenticated admin user into performing unauthorized actions, such as exploiting a command injection vulnerability in /goform/formMultiApnSetting. Successful exploitation can also lead to unauthorized configuration changes. | 2025-08-14 | not yet calculated | CVE-2024-53946 |
| KuWFi--4G CPF908-CP5 LTE Router | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. These allow an unauthenticated attacker to retrieve sensitive information (including the device admin username and password), modify critical device settings, and send arbitrary SMS messages. | 2025-08-14 | not yet calculated | CVE-2025-43983 |
| KuWFi--5G01-X55 | KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. | 2025-08-13 | not yet calculated | CVE-2025-43988 |
| KuWFi--GC111 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). They are vulnerable to unauthenticated /goform/goform_set_cmd_process requests. A crafted POST request, using the SSID parameter, allows remote attackers to execute arbitrary OS commands with root privileges. | 2025-08-14 | not yet calculated | CVE-2025-43984 |
| KuWFi--GC111 | An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication. | 2025-08-13 | not yet calculated | CVE-2025-43986 |
| LabRedesCefetRJ--WeGIA | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8. | 2025-08-12 | not yet calculated | CVE-2025-55167 |
| LabRedesCefetRJ--WeGIA | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue has been patched in version 3.4.8. | 2025-08-12 | not yet calculated | CVE-2025-55168 |
| LabRedesCefetRJ--WeGIA | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could allow an attacker to gain unauthorized access to local files in the server and sensitive information stored in config.php. config.php contains information that could allow direct access to the database. This issue has been patched in version 3.4.8. | 2025-08-12 | not yet calculated | CVE-2025-55169 |
| Lattice Semiconductor--ispVM System | Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specially crafted file to overwrite memory on the stack. This can result in arbitrary code execution under the context of the user who opens the file. The vulnerability is triggered locally by opening a malicious .xcf file and does not require elevated privileges. | 2025-08-13 | not yet calculated | CVE-2012-10057 |
| Legion of the Bouncy Castle Inc.--Bouncy Castle for Java | Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.Java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 1.0.2.5, from BC-FJA 2.0.0 through 2.0.0. | 2025-08-12 | not yet calculated | CVE-2025-8885 |
| Legion of the Bouncy Castle Inc.--Bouncy Castle for Java | Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java , https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java . This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7. | 2025-08-13 | not yet calculated | CVE-2025-8916 |
| Legion of the Bouncy Castle Inc.--Bouncy Castle for Java - BC-FJA 2.1.0 | Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader. This issue affects Bouncy Castle for Java - BC-FJA 2.1.0: from BC-FJA 2.1.0 through 2.1.0. | 2025-08-16 | not yet calculated | CVE-2025-9092 |
| Liferay--Portal | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the "first display label" field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page. | 2025-08-12 | not yet calculated | CVE-2025-43734 |
| Liferay--Portal | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the google_gadget. | 2025-08-12 | not yet calculated | CVE-2025-43735 |
| Liferay--Portal | A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload more than 300kb profile picture into the user profile. This size more than the noted max 300kb size. This extra amount of data can make Liferay slower. | 2025-08-12 | not yet calculated | CVE-2025-43736 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: call rcu_barrier() in ksmbd_server_exit() racy issue is triggered the bug by racing between closing a connection and rmmod. In ksmbd, rcu_barrier() is not called at module unload time, so nothing prevents ksmbd from getting unloaded while it still has RCU callbacks pending. It leads to trigger unintended execution of kernel code locally and use to defeat protections such as Kernel Lockdown | 2025-08-16 | not yet calculated | CVE-2023-32246 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: not allow guest user on multichannel This patch return STATUS_NOT_SUPPORTED if binding session is guest. | 2025-08-16 | not yet calculated | CVE-2023-32249 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bound read in smb2_write ksmbd_smb2_check_message doesn't validate hdr->NextCommand. If ->NextCommand is bigger than Offset + Length of smb2 write, It will allow oversized smb2 write length. It will cause OOB read in smb2_write. | 2025-08-16 | not yet calculated | CVE-2023-3865 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session id and tree id in compound request. If first operation in the compound is SMB2 ECHO request, ksmbd bypass session and tree validation. So work->sess and work->tcon could be NULL. If secound request in the compound access work->sess or tcon, It cause NULL pointer dereferecing error. | 2025-08-16 | not yet calculated | CVE-2023-3866 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first payload in the smb2_sess_setup(). | 2025-08-16 | not yet calculated | CVE-2023-3867 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of current smb2_ea_info. ksmbd need to validate buffer length Before accessing the next ea. ksmbd should check buffer length using buf_len, not next variable. next is the start offset of current ea that got from previous ea. | 2025-08-16 | not yet calculated | CVE-2023-4130 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not checked, it's not expected. Fix it by add check for request size of other commands. | 2025-08-16 | not yet calculated | CVE-2023-4515 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above. | 2025-08-11 | not yet calculated | CVE-2025-38499 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] <TASK> [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] </TASK> | 2025-08-12 | not yet calculated | CVE-2025-38500 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated connections from clients with the same IP. | 2025-08-16 | not yet calculated | CVE-2025-38501 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size, and one program doing a tail call into the other. The verifier will validate each of the indivial programs just fine. However, in the runtime context the bpf_cg_run_ctx holds an bpf_prog_array_item which contains the BPF program as well as any cgroup local storage flavor the program uses. Helpers such as bpf_get_local_storage() pick this up from the runtime context: ctx = container_of(current->bpf_ctx, struct bpf_cg_run_ctx, run_ctx); storage = ctx->prog_item->cgroup_storage[stype]; if (stype == BPF_CGROUP_STORAGE_SHARED) ptr = &READ_ONCE(storage->buf)->data[0]; else ptr = this_cpu_ptr(storage->percpu_buf); For the second program which was called from the originally attached one, this means bpf_get_local_storage() will pick up the former program's map, not its own. With mismatching sizes, this can result in an unintended out-of-bounds access. To fix this issue, we need to extend bpf_map_owner with an array of storage_cookie[] to match on i) the exact maps from the original program if the second program was using bpf_get_local_storage(), or ii) allow the tail call combination if the second program was not using any of the cgroup local storage maps. | 2025-08-16 | not yet calculated | CVE-2025-38502 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info (device loop0 state M): rebuilding free space tree assertion failed: ret == 0, in fs/btrfs/free-space-tree.c:1102 ------------[ cut here ]------------ kernel BUG at fs/btrfs/free-space-tree.c:1102! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP Modules linked in: CPU: 1 UID: 0 PID: 6592 Comm: syz-executor322 Not tainted 6.15.0-rc7-syzkaller-gd7fa1af5b33e #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 lr : populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 sp : ffff8000a4ce7600 x29: ffff8000a4ce76e0 x28: ffff0000c9bc6000 x27: ffff0000ddfff3d8 x26: ffff0000ddfff378 x25: dfff800000000000 x24: 0000000000000001 x23: ffff8000a4ce7660 x22: ffff70001499cecc x21: ffff0000e1d8c160 x20: ffff0000e1cb7800 x19: ffff0000e1d8c0b0 x18: 00000000ffffffff x17: ffff800092f39000 x16: ffff80008ad27e48 x15: ffff700011e740c0 x14: 1ffff00011e740c0 x13: 0000000000000004 x12: ffffffffffffffff x11: ffff700011e740c0 x10: 0000000000ff0100 x9 : 94ef24f55d2dbc00 x8 : 94ef24f55d2dbc00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff8000a4ce6f98 x4 : ffff80008f415ba0 x3 : ffff800080548ef0 x2 : 0000000000000000 x1 : 0000000100000000 x0 : 000000000000003e Call trace: populate_free_space_tree+0x514/0x518 fs/btrfs/free-space-tree.c:1102 (P) btrfs_rebuild_free_space_tree+0x14c/0x54c fs/btrfs/free-space-tree.c:1337 btrfs_start_pre_rw_mount+0xa78/0xe10 fs/btrfs/disk-io.c:3074 btrfs_remount_rw fs/btrfs/super.c:1319 [inline] btrfs_reconfigure+0x828/0x2418 fs/btrfs/super.c:1543 reconfigure_super+0x1d4/0x6f0 fs/super.c:1083 do_remount fs/namespace.c:3365 [inline] path_mount+0xb34/0xde0 fs/namespace.c:4200 do_mount fs/namespace.c:4221 [inline] __do_sys_mount fs/namespace.c:4432 [inline] __se_sys_mount fs/namespace.c:4409 [inline] __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4409 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x58/0x17c arch/arm64/kernel/entry-common.c:767 el0t_64_sync_handler+0x78/0x108 arch/arm64/kernel/entry-common.c:786 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Code: f0047182 91178042 528089c3 9771d47b (d4210000) ---[ end trace 0000000000000000 ]--- This happens because we are processing an empty block group, which has no extents allocated from it, there are no items for this block group, including the block group item since block group items are stored in a dedicated tree when using the block group tree feature. It also means this is the block group with the highest start offset, so there are no higher keys in the extent root, hence btrfs_search_slot_for_read() returns 1 (no higher key found). Fix this by asserting 'ret' is 0 only if the block group tree feature is not enabled, in which case we should find a block group item for the block group since it's stored in the extent root and block group item keys are greater than extent item keys (the value for BTRFS_BLOCK_GROUP_ITEM_KEY is 192 and for BTRFS_EXTENT_ITEM_KEY and BTRFS_METADATA_ITEM_KEY the values are 168 and 169 respectively). In case 'ret' is 1, we just need to add a record to the free space tree which spans the whole block group, and we can achieve this by making 'ret == 0' as the while loop's condition. | 2025-08-16 | not yet calculated | CVE-2025-38503 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix pp destruction warnings With multiple page pools and in some other cases we can have allocated niovs on page pool destruction. Remove a misplaced warning checking that all niovs are returned to zcrx on io_pp_zc_destroy(). It was reported before but apparently got lost. | 2025-08-16 | not yet calculated | CVE-2025-38504 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect from the AP interface. This causes kernel warnings as the STA interface processes disconnect events that don't apply to it: [ 1303.240540] WARNING: CPU: 0 PID: 513 at net/wireless/mlme.c:141 cfg80211_process_disassoc+0x78/0xec [cfg80211] [ 1303.250861] Modules linked in: 8021q garp stp mrp llc rfcomm bnep btnxpuart nls_iso8859_1 nls_cp437 onboard_us [ 1303.327651] CPU: 0 UID: 0 PID: 513 Comm: kworker/u9:2 Not tainted 6.16.0-rc1+ #3 PREEMPT [ 1303.335937] Hardware name: Toradex Verdin AM62 WB on Verdin Development Board (DT) [ 1303.343588] Workqueue: MWIFIEX_RX_WORK_QUEUE mwifiex_rx_work_queue [mwifiex] [ 1303.350856] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1303.357904] pc : cfg80211_process_disassoc+0x78/0xec [cfg80211] [ 1303.364065] lr : cfg80211_process_disassoc+0x70/0xec [cfg80211] [ 1303.370221] sp : ffff800083053be0 [ 1303.373590] x29: ffff800083053be0 x28: 0000000000000000 x27: 0000000000000000 [ 1303.380855] x26: 0000000000000000 x25: 00000000ffffffff x24: ffff000002c5b8ae [ 1303.388120] x23: ffff000002c5b884 x22: 0000000000000001 x21: 0000000000000008 [ 1303.395382] x20: ffff000002c5b8ae x19: ffff0000064dd408 x18: 0000000000000006 [ 1303.402646] x17: 3a36333a61623a30 x16: 32206d6f72662063 x15: ffff800080bfe048 [ 1303.409910] x14: ffff000003625300 x13: 0000000000000001 x12: 0000000000000000 [ 1303.417173] x11: 0000000000000002 x10: ffff000003958600 x9 : ffff000003625300 [ 1303.424434] x8 : ffff00003fd9ef40 x7 : ffff0000039fc280 x6 : 0000000000000002 [ 1303.431695] x5 : ffff0000038976d4 x4 : 0000000000000000 x3 : 0000000000003186 [ 1303.438956] x2 : 000000004836ba20 x1 : 0000000000006986 x0 : 00000000d00479de [ 1303.446221] Call trace: [ 1303.448722] cfg80211_process_disassoc+0x78/0xec [cfg80211] (P) [ 1303.454894] cfg80211_rx_mlme_mgmt+0x64/0xf8 [cfg80211] [ 1303.460362] mwifiex_process_mgmt_packet+0x1ec/0x460 [mwifiex] [ 1303.466380] mwifiex_process_sta_rx_packet+0x1bc/0x2a0 [mwifiex] [ 1303.472573] mwifiex_handle_rx_packet+0xb4/0x13c [mwifiex] [ 1303.478243] mwifiex_rx_work_queue+0x158/0x198 [mwifiex] [ 1303.483734] process_one_work+0x14c/0x28c [ 1303.487845] worker_thread+0x2cc/0x3d4 [ 1303.491680] kthread+0x12c/0x208 [ 1303.495014] ret_from_fork+0x10/0x20 Add validation in the STA receive path to verify that disassoc/deauth frames originate from the connected AP. Frames that fail this check are discarded early, preventing them from reaching the MLME layer and triggering WARN_ON(). This filtering logic is similar with that used in the ieee80211_rx_mgmt_disassoc() function in mac80211, which drops disassoc frames that don't match the current BSSID (!ether_addr_equal(mgmt->bssid, sdata->vif.cfg.ap_addr)), ensuring only relevant frames are processed. Tested on: - 8997 with FW 16.68.1.p197 | 2025-08-16 | not yet calculated | CVE-2025-38505 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+), the host can experience CPU soft lockups when running an operation in kvm_vm_set_mem_attributes() to set memory attributes on the whole range of guest memory. watchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372] CPU: 8 UID: 0 PID: 6372 Comm: qemu-kvm Kdump: loaded Not tainted 6.15.0-rc7.20250520.el9uek.rc1.x86_64 #1 PREEMPT(voluntary) Hardware name: Oracle Corporation ORACLE SERVER E4-2c/Asm,MB Tray,2U,E4-2c, BIOS 78016600 11/13/2024 RIP: 0010:xas_create+0x78/0x1f0 Code: 00 00 00 41 80 fc 01 0f 84 82 00 00 00 ba 06 00 00 00 bd 06 00 00 00 49 8b 45 08 4d 8d 65 08 41 39 d6 73 20 83 ed 06 48 85 c0 <74> 67 48 89 c2 83 e2 03 48 83 fa 02 75 0c 48 3d 00 10 00 00 0f 87 RSP: 0018:ffffad890a34b940 EFLAGS: 00000286 RAX: ffff96f30b261daa RBX: ffffad890a34b9c8 RCX: 0000000000000000 RDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000018 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffad890a356868 R13: ffffad890a356860 R14: 0000000000000000 R15: ffffad890a356868 FS: 00007f5578a2a400(0000) GS:ffff97ed317e1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f015c70fb18 CR3: 00000001109fd006 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: <TASK> xas_store+0x58/0x630 __xa_store+0xa5/0x130 xa_store+0x2c/0x50 kvm_vm_set_mem_attributes+0x343/0x710 [kvm] kvm_vm_ioctl+0x796/0xab0 [kvm] __x64_sys_ioctl+0xa3/0xd0 do_syscall_64+0x8c/0x7a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f5578d031bb Code: ff ff ff 85 c0 79 9b 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 2d 4c 0f 00 f7 d8 64 89 01 48 RSP: 002b:00007ffe0a742b88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000004020aed2 RCX: 00007f5578d031bb RDX: 00007ffe0a742c80 RSI: 000000004020aed2 RDI: 000000000000000b RBP: 0000010000000000 R08: 0000010000000000 R09: 0000017680000000 R10: 0000000000000080 R11: 0000000000000246 R12: 00005575e5f95120 R13: 00007ffe0a742c80 R14: 0000000000000008 R15: 00005575e5f961e0 While looping through the range of memory setting the attributes, call cond_resched() to give the scheduler a chance to run a higher priority task on the runqueue if necessary and avoid staying in kernel mode long enough to trigger the lockup. | 2025-08-16 | not yet calculated | CVE-2025-38506 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: avoid bluetooth suspend/resume stalls Ensure we don't stall or panic the kernel when using bluetooth-connected controllers. This was reported as an issue on android devices using kernel 6.6 due to the resume hook which had been added for usb joycons. First, set a new state value to JOYCON_CTLR_STATE_SUSPENDED in a newly-added nintendo_hid_suspend. This makes sure we will not stall out the kernel waiting for input reports during led classdev suspend. The stalls could happen if connectivity is unreliable or lost to the controller prior to suspend. Second, since we lose connectivity during suspend, do not try joycon_init() for bluetooth controllers in the nintendo_hid_resume path. Tested via multiple suspend/resume flows when using the controller both in USB and bluetooth modes. | 2025-08-16 | not yet calculated | CVE-2025-38507 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC frequency due to clocking parameters. Over extended VM uptime, this discrepancy accumulates, causing clock skew between the hypervisor and a SEV-SNP VM, leading to early timer interrupts as perceived by the guest. The guest kernel relies on the reported nominal frequency for TSC-based timekeeping, while the actual frequency set during SNP_LAUNCH_START may differ. This mismatch results in inaccurate time calculations, causing the guest to perceive hrtimers as firing earlier than expected. Utilize the TSC_FACTOR from the SEV firmware's secrets page (see "Secrets Page Format" in the SNP Firmware ABI Specification) to calculate the mean TSC frequency, ensuring accurate timekeeping and mitigating clock skew in SEV-SNP VMs. Use early_ioremap_encrypted() to map the secrets page as ioremap_encrypted() uses kmalloc() which is not available during early TSC initialization and causes a panic. [ bp: Drop the silly dummy var: https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ] | 2025-08-16 | not yet calculated | CVE-2025-38508 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must be rejected. Without this check, malformed notifications using these widths may reach ieee80211_chan_width_to_rx_bw(), leading to a WARN_ON due to invalid input. This issue was reported by syzbot. Reject these unsupported widths early in sta_link_apply_parameters() when opmode_notif is used. The accepted set includes 20, 40, 80, 160, and 80+80 MHz, which are valid for VHT. While 320 MHz is not defined for VHT, it is allowed to avoid rejecting HE or EHT clients that may still send a VHT opmode notification. | 2025-08-16 | not yet calculated | CVE-2025-38509 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock find_vm_area() couldn't be called in atomic_context. If find_vm_area() is called to reports vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc(); alloc_vmap_area(); spin_lock(&vn->busy.lock) spin_lock_bh(&some_lock); <interrupt occurs> <in softirq> spin_lock(&some_lock); <access invalid address> kasan_report(); print_report(); print_address_description(); kasan_find_vm_area(); find_vm_area(); spin_lock(&vn->busy.lock) // deadlock! To prevent possible deadlock while kasan reports, remove kasan_find_vm_area(). | 2025-08-16 | not yet calculated | CVE-2025-38510 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might leave some stale data that could either point to some other VFs allocations or even to the PF pages. Explicitly clear all new LMTT page to avoid the risk that a malicious VF would try to exploit that gap. While around add asserts to catch any undesired PTE overwrites and low-level debug traces to track LMTT PT life-cycle. (cherry picked from commit 3fae6918a3e27cce20ded2551f863fb05d4bef8d) | 2025-08-16 | not yet calculated | CVE-2025-38511 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks. This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a received A-MSDU as a standard MSDU, calculating the length of the Mesh Control header, and seeing if the 6 bytes after this header equal the start of an rfc1042 header. If equal, this is a strong indication of an ongoing attack attempt. This defense was tested with mac80211_hwsim against a mesh network that uses an empty Mesh Address Extension field, i.e., when four addresses are used, and when using a 12-byte Mesh Address Extension field, i.e., when six addresses are used. Functionality of normal MSDUs and A-MSDUs was also tested, and confirmed working, when using both an empty and 12-byte Mesh Address Extension field. It was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh networks keep being detected and prevented. Note that the vulnerability being patched, and the defense being implemented, was also discussed in the following paper and in the following IEEE 802.11 presentation: https://papers.mathyvanhoef.com/wisec2025.pdf https://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx | 2025-08-16 | not yet calculated | CVE-2025-38512 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i<position; i++) skb = __skb_dequeue(q) if (mac->type == NL80211_IFTYPE_AP) skb = __skb_dequeue(q); spin_unlock_irqrestore(&q->lock, flags); skb_dequeue() -> NULL Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced. In order to avoid potential NULL pointer dereference due to situations like above, check if skb is not NULL before passing it to zd_mac_tx_status(). Found by Linux Verification Center (linuxtesting.org) with SVACE. | 2025-08-16 | not yet calculated | CVE-2025-38513 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix oops due to non-existence of prealloc backlog struct If an AF_RXRPC service socket is opened and bound, but calls are preallocated, then rxrpc_alloc_incoming_call() will oops because the rxrpc_backlog struct doesn't get allocated until the first preallocation is made. Fix this by returning NULL from rxrpc_alloc_incoming_call() if there is no backlog struct. This will cause the incoming call to be aborted. | 2025-08-16 | not yet calculated | CVE-2025-38514 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push and the run-job worker, in which spsc_queue_push may return not-first while the run-job worker has already idled due to the job count being zero. If this race occurs, job scheduling stops, leading to hangs while waiting on the job's DMA fences. Seal this race by incrementing the job count before appending to the SPSC queue. This race was observed on a drm-tip 6.16-rc1 build with the Xe driver in an SVM test case. | 2025-08-16 | not yet calculated | CVE-2025-38515 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0 113` on RB2. The exact culprit is requesting pins whose intr_detection_width setting is not 1 or 2 for interrupts. This hits a BUG() in msm_gpio_irq_set_type(). Potentially crashing the kernel due to an invalid request from user-space is not optimal, so let's go through the pins and mark those that would fail the check as invalid for the irq chip as we should not even register them as available irqs. This function can be extended if we determine that there are more corner-cases like this. | 2025-08-16 | not yet calculated | CVE-2025-38516 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype)) In all cases, alloc_tag_cttype is not allocated, and therefore alloc_tag_top_users() should not attempt to acquire the semaphore. This leads to a crash on memory allocation failure by attempting to acquire a non-existent semaphore: Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:down_read_trylock+0xaa/0x3b0 Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016 RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000 RDX: 000000000000001b RSI: 000000000000000a RDI: 0000000000000070 RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1 R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37 R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000 FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0 Call Trace: <TASK> codetag_trylock_module_list+0xd/0x20 alloc_tag_top_users+0x369/0x4b0 __show_mem+0x1cd/0x6e0 warn_alloc+0x2b1/0x390 __alloc_frozen_pages_noprof+0x12b9/0x21a0 alloc_pages_mpol+0x135/0x3e0 alloc_slab_page+0x82/0xe0 new_slab+0x212/0x240 ___slab_alloc+0x82a/0xe00 </TASK> As David Wang points out, this issue became easier to trigger after commit 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init"). Before the commit, the issue occurred only when it failed to allocate and initialize alloc_tag_cttype or if a memory allocation fails before alloc_tag_init() is called. After the commit, it can be easily triggered when memory profiling is compiled but disabled at boot. To properly determine whether alloc_tag_init() has been called and its data structures initialized, verify that alloc_tag_cttype is a valid pointer before acquiring the semaphore. If the variable is NULL or an error value, it has not been properly initialized. In such a case, just skip and do not attempt to acquire the semaphore. [harry.yoo@oracle.com: v3] | 2025-08-16 | not yet calculated | CVE-2025-38517 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2 AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h) has an issue that causes system oopses and panics when performing TLB flush using INVLPGB. However, the problem is that that machine has misconfigured CPUID and should not report the INVLPGB bit in the first place. So zap the kernel's representation of the flag so that nothing gets confused. [ bp: Massage. ] | 2025-08-16 | not yet calculated | CVE-2025-38518 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: mm/damon: fix divide by zero in damon_get_intervals_score() The current implementation allows having zero size regions with no special reasons, but damon_get_intervals_score() gets crashed by divide by zero when the region size is zero. [ 29.403950] Oops: divide error: 0000 [#1] SMP NOPTI This patch fixes the bug, but does not disallow zero size regions to keep the backward compatibility since disallowing zero size regions might be a breaking change for some users. In addition, the same crash can happen when intervals_goal.access_bp is zero so this should be fixed in stable trees as well. | 2025-08-16 | not yet calculated | CVE-2025-38519 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Don't call mmput from MMU notifier callback If the process is exiting, the mmput inside mmu notifier callback from compactd or fork or numa balancing could release the last reference of mm struct to call exit_mmap and free_pgtable, this triggers deadlock with below backtrace. The deadlock will leak kfd process as mmu notifier release is not called and cause VRAM leaking. The fix is to take mm reference mmget_non_zero when adding prange to the deferred list to pair with mmput in deferred list work. If prange split and add into pchild list, the pchild work_item.mm is not used, so remove the mm parameter from svm_range_unmap_split and svm_range_add_child. The backtrace of hung task: INFO: task python:348105 blocked for more than 64512 seconds. Call Trace: __schedule+0x1c3/0x550 schedule+0x46/0xb0 rwsem_down_write_slowpath+0x24b/0x4c0 unlink_anon_vmas+0xb1/0x1c0 free_pgtables+0xa9/0x130 exit_mmap+0xbc/0x1a0 mmput+0x5a/0x140 svm_range_cpu_invalidate_pagetables+0x2b/0x40 [amdgpu] mn_itree_invalidate+0x72/0xc0 __mmu_notifier_invalidate_range_start+0x48/0x60 try_to_unmap_one+0x10fa/0x1400 rmap_walk_anon+0x196/0x460 try_to_unmap+0xbb/0x210 migrate_page_unmap+0x54d/0x7e0 migrate_pages_batch+0x1c3/0xae0 migrate_pages_sync+0x98/0x240 migrate_pages+0x25c/0x520 compact_zone+0x29d/0x590 compact_zone_order+0xb6/0xf0 try_to_compact_pages+0xbe/0x220 __alloc_pages_direct_compact+0x96/0x1a0 __alloc_pages_slowpath+0x410/0x930 __alloc_pages_nodemask+0x3a9/0x3e0 do_huge_pmd_anonymous_page+0xd7/0x3e0 __handle_mm_fault+0x5e3/0x5f0 handle_mm_fault+0xf7/0x2e0 hmm_vma_fault.isra.0+0x4d/0xa0 walk_pmd_range.isra.0+0xa8/0x310 walk_pud_range+0x167/0x240 walk_pgd_range+0x55/0x100 __walk_page_range+0x87/0x90 walk_page_range+0xf6/0x160 hmm_range_fault+0x4f/0x90 amdgpu_hmm_range_get_pages+0x123/0x230 [amdgpu] amdgpu_ttm_tt_get_user_pages+0xb1/0x150 [amdgpu] init_user_pages+0xb1/0x2a0 [amdgpu] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x543/0x7d0 [amdgpu] kfd_ioctl_alloc_memory_of_gpu+0x24c/0x4e0 [amdgpu] kfd_ioctl+0x29d/0x500 [amdgpu] (cherry picked from commit a29e067bd38946f752b0ef855f3dfff87e77bec7) | 2025-08-16 | not yet calculated | CVE-2025-38520 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_runtime_force_resume(), which according to their documentation should only be used during system-wide PM transitions to sleep states. The main issue though is that depending on some internal runtime PM state as seen by pm_runtime_force_suspend() (whether the usage count is <= 1), pm_runtime_force_resume() might not resume the device unless needed. If that happens, the runtime PM resume callback pvr_power_device_resume() is not called, the GPU clocks are not re-enabled, and the kernel crashes on the next attempt to access GPU registers as part of the power-on sequence. Replace calls to pm_runtime_force_suspend() and pm_runtime_force_resume() with direct calls to the driver's runtime PM callbacks, pvr_power_device_suspend() and pvr_power_device_resume(), to ensure clocks are re-enabled and avoid the kernel crash. | 2025-08-16 | not yet calculated | CVE-2025-38521 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: sched/ext: Prevent update_locked_rq() calls with NULL rq Avoid invoking update_locked_rq() when the runqueue (rq) pointer is NULL in the SCX_CALL_OP and SCX_CALL_OP_RET macros. Previously, calling update_locked_rq(NULL) with preemption enabled could trigger the following warning: BUG: using __this_cpu_write() in preemptible [00000000] This happens because __this_cpu_write() is unsafe to use in preemptible context. rq is NULL when an ops invoked from an unlocked context. In such cases, we don't need to store any rq, since the value should already be NULL (unlocked). Ensure that update_locked_rq() is only called when rq is non-NULL, preventing calling __this_cpu_write() on preemptible context. | 2025-08-16 | not yet calculated | CVE-2025-38522 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the smbd_response slab to allow usercopy The handling of received data in the smbdirect client code involves using copy_to_iter() to copy data from the smbd_reponse struct's packet trailer to a folioq buffer provided by netfslib that encapsulates a chunk of pagecache. If, however, CONFIG_HARDENED_USERCOPY=y, this will result in the checks then performed in copy_to_iter() oopsing with something like the following: CIFS: Attempting to mount //172.31.9.1/test CIFS: VFS: RDMA transport established usercopy: Kernel memory exposure attempt detected from SLUB object 'smbd_response_0000000091e24ea1' (offset 81, size 63)! ------------[ cut here ]------------ kernel BUG at mm/usercopy.c:102! ... RIP: 0010:usercopy_abort+0x6c/0x80 ... Call Trace: <TASK> __check_heap_object+0xe3/0x120 __check_object_size+0x4dc/0x6d0 smbd_recv+0x77f/0xfe0 [cifs] cifs_readv_from_socket+0x276/0x8f0 [cifs] cifs_read_from_socket+0xcd/0x120 [cifs] cifs_demultiplex_thread+0x7e9/0x2d50 [cifs] kthread+0x396/0x830 ret_from_fork+0x2b8/0x3b0 ret_from_fork_asm+0x1a/0x30 The problem is that the smbd_response slab's packet field isn't marked as being permitted for usercopy. Fix this by passing parameters to kmem_slab_create() to indicate that copy_to_iter() is permitted from the packet region of the smbd_response slab objects, less the header space. | 2025-08-16 | not yet calculated | CVE-2025-38523 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call If a call receives an event (such as incoming data), the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up the call off of the queue, further events will cause it to be requeued, and once the socket lock is dropped (recvmsg uses call->user_mutex to allow the socket to be used in parallel), a second thread can come in and its recvmsg can pop the call off the socket queue again. In such a case, the first thread will be receiving stuff from the call and the second thread will be blocked on call->user_mutex. The first thread can, at this point, process both the event that it picked call for and the event that the second thread picked the call for and may see the call terminate - in which case the call will be "released", decoupling the call from the user call ID assigned to it (RXRPC_USER_CALL_ID in the control message). The first thread will return okay, but then the second thread will wake up holding the user_mutex and, if it sees that the call has been released by the first thread, it will BUG thusly: kernel BUG at net/rxrpc/recvmsg.c:474! Fix this by just dequeuing the call and ignoring it if it is seen to be already released. We can't tell userspace about it anyway as the user call ID has become stale. | 2025-08-16 | not yet calculated | CVE-2025-38524 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix irq-disabled in local_bh_enable() The rxrpc_assess_MTU_size() function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call() which holds interrupts disabled across the code that calls down to it. Unfortunately, the IP layer uses local_bh_enable() which, config dependent, throws a warning if IRQs are enabled: WARNING: CPU: 1 PID: 5544 at kernel/softirq.c:387 __local_bh_enable_ip+0x43/0xd0 ... RIP: 0010:__local_bh_enable_ip+0x43/0xd0 ... Call Trace: <TASK> rt_cache_route+0x7e/0xa0 rt_set_nexthop.isra.0+0x3b3/0x3f0 __mkroute_output+0x43a/0x460 ip_route_output_key_hash+0xf7/0x140 ip_route_output_flow+0x1b/0x90 rxrpc_assess_MTU_size.isra.0+0x2a0/0x590 rxrpc_new_incoming_peer+0x46/0x120 rxrpc_alloc_incoming_call+0x1b1/0x400 rxrpc_new_incoming_call+0x1da/0x5e0 rxrpc_input_packet+0x827/0x900 rxrpc_io_thread+0x403/0xb60 kthread+0x2f7/0x310 ret_from_fork+0x2a/0x230 ret_from_fork_asm+0x1a/0x30 ... hardirqs last enabled at (23): _raw_spin_unlock_irq+0x24/0x50 hardirqs last disabled at (24): _raw_read_lock_irq+0x17/0x70 softirqs last enabled at (0): copy_process+0xc61/0x2730 softirqs last disabled at (25): rt_add_uncached_list+0x3c/0x90 Fix this by moving the call to rxrpc_assess_MTU_size() out of rxrpc_init_peer() and further up the stack where it can be done without interrupts disabled. It shouldn't be a problem for rxrpc_new_incoming_call() to do it after the locks are dropped as pmtud is going to be performed by the I/O thread - and we're in the I/O thread at this point. | 2025-08-16 | not yet calculated | CVE-2025-38525 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ice: add NULL check in eswitch lag check The function ice_lag_is_switchdev_running() is being called from outside of the LAG event handler code. This results in the lag->upper_netdev being NULL sometimes. To avoid a NULL-pointer dereference, there needs to be a check before it is dereferenced. | 2025-08-16 | not yet calculated | CVE-2025-38526 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileInfo_put(cfile) cifsFileInfo_put_final() cifs_sb_deactive() [last ref, start releasing sb] kill_sb() kill_anon_super() generic_shutdown_super() evict_inodes() dispose_list() evict() destroy_inode() call_rcu(&inode->i_rcu, i_callback) spin_lock(&cinode->open_file_lock) <- OK [later] i_callback() cifs_free_inode() kmem_cache_free(cinode) spin_unlock(&cinode->open_file_lock) <- UAF cifs_done_oplock_break(cinode) <- UAF The issue occurs when umount has already released its reference to the superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this releases the last reference, triggering the immediate cleanup of all inodes under RCU. However, cifs_oplock_break() continues to access the cinode after this point, resulting in use-after-free. Fix this by holding an extra reference to the superblock during the entire oplock break operation. This ensures that the superblock and its inodes remain valid until the oplock break completes. | 2025-08-16 | not yet calculated | CVE-2025-38527 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt[] = "%p%"; bpf_trace_printk(fmt, sizeof(fmt)); The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in format string WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0 This happens because bpf_bprintf_prepare skips over the second %, detected as punctuation, while processing %p. This patch fixes it by not skipping over punctuation. %\x00 is then processed in the next iteration and rejected. | 2025-08-16 | not yet calculated | CVE-2025-38528 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & 0xdcfc) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts. | 2025-08-16 | not yet calculated | CVE-2025-38529 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: comedi: pcl812: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: if ((1 << it->options[1]) & board->irq_bits) { However, `it->options[i]` is an unchecked `int` value from userspace, so the shift amount could be negative or out of bounds. Fix the test by requiring `it->options[1]` to be within bounds before proceeding with the original test. Valid `it->options[1]` values that select the IRQ will be in the range [1,15]. The value 0 explicitly disables the use of interrupts. | 2025-08-16 | not yet calculated | CVE-2025-38530 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err(), dev_warn() and dev_info() don't seem to cause a panic, but are fixed as well. The issue is reported and traced here: [1] | 2025-08-16 | not yet calculated | CVE-2025-38531 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: net: libwx: properly reset Rx ring descriptor When device reset is triggered by feature changes such as toggling Rx VLAN offload, wx->do_reset() is called to reinitialize Rx rings. The hardware descriptor ring may retain stale values from previous sessions. And only set the length to 0 in rx_desc[0] would result in building malformed SKBs. Fix it to ensure a clean slate after device reset. [ 549.186435] [ C16] ------------[ cut here ]------------ [ 549.186457] [ C16] kernel BUG at net/core/skbuff.c:2814! [ 549.186468] [ C16] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 549.186472] [ C16] CPU: 16 UID: 0 PID: 0 Comm: swapper/16 Kdump: loaded Not tainted 6.16.0-rc4+ #23 PREEMPT(voluntary) [ 549.186476] [ C16] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024 [ 549.186478] [ C16] RIP: 0010:__pskb_pull_tail+0x3ff/0x510 [ 549.186484] [ C16] Code: 06 f0 ff 4f 34 74 7b 4d 8b 8c 24 c8 00 00 00 45 8b 84 24 c0 00 00 00 e9 c8 fd ff ff 48 c7 44 24 08 00 00 00 00 e9 5e fe ff ff <0f> 0b 31 c0 e9 23 90 5b ff 41 f7 c6 ff 0f 00 00 75 bf 49 8b 06 a8 [ 549.186487] [ C16] RSP: 0018:ffffb391c0640d70 EFLAGS: 00010282 [ 549.186490] [ C16] RAX: 00000000fffffff2 RBX: ffff8fe7e4d40200 RCX: 00000000fffffff2 [ 549.186492] [ C16] RDX: ffff8fe7c3a4bf8e RSI: 0000000000000180 RDI: ffff8fe7c3a4bf40 [ 549.186494] [ C16] RBP: ffffb391c0640da8 R08: ffff8fe7c3a4c0c0 R09: 000000000000000e [ 549.186496] [ C16] R10: ffffb391c0640d88 R11: 000000000000000e R12: ffff8fe7e4d40200 [ 549.186497] [ C16] R13: 00000000fffffff2 R14: ffff8fe7fa01a000 R15: 00000000fffffff2 [ 549.186499] [ C16] FS: 0000000000000000(0000) GS:ffff8fef5ae40000(0000) knlGS:0000000000000000 [ 549.186502] [ C16] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.186503] [ C16] CR2: 00007f77d81d6000 CR3: 000000051a032000 CR4: 0000000000750ef0 [ 549.186505] [ C16] PKRU: 55555554 [ 549.186507] [ C16] Call Trace: [ 549.186510] [ C16] <IRQ> [ 549.186513] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186517] [ C16] __skb_pad+0xc7/0xf0 [ 549.186523] [ C16] wx_clean_rx_irq+0x355/0x3b0 [libwx] [ 549.186533] [ C16] wx_poll+0x92/0x120 [libwx] [ 549.186540] [ C16] __napi_poll+0x28/0x190 [ 549.186544] [ C16] net_rx_action+0x301/0x3f0 [ 549.186548] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186551] [ C16] ? __raw_spin_lock_irqsave+0x1e/0x50 [ 549.186554] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186557] [ C16] ? wake_up_nohz_cpu+0x35/0x160 [ 549.186559] [ C16] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.186563] [ C16] handle_softirqs+0xf9/0x2c0 [ 549.186568] [ C16] __irq_exit_rcu+0xc7/0x130 [ 549.186572] [ C16] common_interrupt+0xb8/0xd0 [ 549.186576] [ C16] </IRQ> [ 549.186577] [ C16] <TASK> [ 549.186579] [ C16] asm_common_interrupt+0x22/0x40 [ 549.186582] [ C16] RIP: 0010:cpuidle_enter_state+0xc2/0x420 [ 549.186585] [ C16] Code: 00 00 e8 11 0e 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 0d ed 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d [ 549.186587] [ C16] RSP: 0018:ffffb391c0277e78 EFLAGS: 00000246 [ 549.186590] [ C16] RAX: ffff8fef5ae40000 RBX: 0000000000000003 RCX: 0000000000000000 [ 549.186591] [ C16] RDX: 0000007fde0faac5 RSI: ffffffff826e53f6 RDI: ffffffff826fa9b3 [ 549.186593] [ C16] RBP: ffff8fe7c3a20800 R08: 0000000000000002 R09: 0000000000000000 [ 549.186595] [ C16] R10: 0000000000000000 R11: 000000000000ffff R12: ffffffff82ed7a40 [ 549.186596] [ C16] R13: 0000007fde0faac5 R14: 0000000000000003 R15: 0000000000000000 [ 549.186601] [ C16] ? cpuidle_enter_state+0xb3/0x420 [ 549.186605] [ C16] cpuidle_en ---truncated--- | 2025-08-16 | not yet calculated | CVE-2025-38532 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix the using of Rx buffer DMA The wx_rx_buffer structure contained two DMA address fields: 'dma' and 'page_dma'. However, only 'page_dma' was actually initialized and used to program the Rx descriptor. But 'dma' was uninitialized and used in some paths. This could lead to undefined behavior, including DMA errors or use-after-free, if the uninitialized 'dma' was used. Althrough such error has not yet occurred, it is worth fixing in the code. | 2025-08-16 | not yet calculated | CVE-2025-38533 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix copy-to-cache so that it performs collection with ceph+fscache The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then left to look after itself whilst the app continues. The request gets notified by the backing fs upon completion of the async DIO write, but then tries to wake up the app because NETFS_RREQ_OFFLOAD_COLLECTION isn't set - but the app isn't waiting there, and so the request just hangs. Fix this by setting NETFS_RREQ_OFFLOAD_COLLECTION which causes the notification from the backing filesystem to put the collection onto a work queue instead. | 2025-08-16 | not yet calculated | CVE-2025-38534 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on, regulator_is_enabled() continues to return true, leading to an incorrect attempt to disable a regulator which is not enabled. This can result in warnings such as: [ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004 _regulator_disable+0xe4/0x1a0 [ 250.155652] unbalanced disables for VIN_SYS_5V0 To fix this, we move the regulator control logic into tegra186_xusb_padctl_id_override() function since it's directly related to the ID override state. The regulator is now only disabled when the role transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID register. This ensures that regulator enable/disable operations are properly balanced and only occur when actually transitioning to/from host mode. | 2025-08-16 | not yet calculated | CVE-2025-38535 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: net: airoha: fix potential use-after-free in airoha_npu_get() np->name was being used after calling of_node_put(np), which releases the node and can lead to a use-after-free bug. Previously, of_node_put(np) was called unconditionally after of_find_device_by_node(np), which could result in a use-after-free if pdev is NULL. This patch moves of_node_put(np) after the error check to ensure the node is only released after both the error and success cases are handled appropriately, preventing potential resource issues. | 2025-08-16 | not yet calculated | CVE-2025-38536 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registered when probing/removing the genphy driver. This could occur if the leds are for a non-generic driver that isn't loaded for whatever reason. Synchronously removing the PHY device in phy_detach leads to the following deadlock: rtnl_lock() ndo_close() ... phy_detach() phy_remove() phy_leds_unregister() led_classdev_unregister() led_trigger_set() netdev_trigger_deactivate() unregister_netdevice_notifier() rtnl_lock() There is a corresponding deadlock on the open/register side of things (and that one is reported by lockdep), but it requires a race while this one is deterministic. Generic PHYs do not support LEDs anyway, so don't bother registering them. | 2025-08-16 | not yet calculated | CVE-2025-38537 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther than they should and corrupt memory. The changes to the second loop are more involved. In this case, we're copying data from the irqbuf[] array into the nbpf->chan[] array. If the data in irqbuf[i] is the error IRQ then we skip it, so the iterators are not in sync. I added a check to ensure that we don't go beyond the end of the irqbuf[] array. I'm pretty sure this can't happen, but it seemed harmless to add a check. On the other hand, after the loop has ended there is a check to ensure that the "chan" iterator is where we expect it to be. In the original code we went one element beyond the end of the array so the iterator wasn't in the correct place and it would always return -EINVAL. However, now it will always be in the correct place. I deleted the check since we know the result. | 2025-08-16 | not yet calculated | CVE-2025-38538 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: tracing: Add down_write(trace_event_sem) when adding trace event When a module is loaded, it adds trace events defined by the module. It may also need to modify the modules trace printk formats to replace enum names with their values. If two modules are loaded at the same time, the adding of the event to the ftrace_events list can corrupt the walking of the list in the code that is modifying the printk format strings and crash the kernel. The addition of the event should take the trace_event_sem for write while it adds the new event. Also add a lockdep_assert_held() on that semaphore in __trace_add_event_dirs() as it iterates the list. | 2025-08-16 | not yet calculated | CVE-2025-38539 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. Add these 2 devices to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace. | 2025-08-16 | not yet calculated | CVE-2025-38540 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. | 2025-08-16 | not yet calculated | CVE-2025-38541 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_create() When updating an existing route entry in atrtr_create(), the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix this by calling dev_put() to release the old device reference before holding the new one. | 2025-08-16 | not yet calculated | CVE-2025-38542 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'. | 2025-08-16 | not yet calculated | CVE-2025-38543 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg() and sendmsg() together. The preallocated call IDs will automatically be attached to calls as they come in until the pool is empty. To the kernel, the call IDs are just arbitrary numbers, but userspace can use the call ID to hold a pointer to prepared structs. In any case, the user isn't permitted to create two calls with the same call ID (call IDs become available again when the call ends) and EBADSLT should result from sendmsg() if an attempt is made to preallocate a call with an in-use call ID. However, the cleanup in the error handling will trigger both assertions in rxrpc_cleanup_call() because the call isn't marked complete and isn't marked as having been released. Fix this by setting the call state in rxrpc_service_prealloc_one() and then marking it as being released before calling the cleanup function. | 2025-08-16 | not yet calculated | CVE-2025-38544 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info While transitioning from netdev_alloc_ip_align() to build_skb(), memory for the "skb_shared_info" member of an "skb" was not allocated. Fix this by allocating "PAGE_SIZE" as the skb length, accounting for the packet length, headroom and tailroom, thereby including the required memory space for skb_shared_info. | 2025-08-16 | not yet calculated | CVE-2025-38545 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak. | 2025-08-16 | not yet calculated | CVE-2025-38546 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps The AXP717 ADC channel maps is missing a sentinel entry at the end. This causes a KASAN warning. Add the missing sentinel entry. | 2025-08-16 | not yet calculated | CVE-2025-38547 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd(). | 2025-08-16 | not yet calculated | CVE-2025-38548 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. However, sfi is associated with the superblock and typically freed when the superblock is destroyed. If the fs_context is released (final put) before fill_super is called-such as on error paths or during reconfiguration-the sfi structure would leak, as ownership never transfers to the superblock. Implement the .free callback in efivarfs_context_ops to ensure any allocated sfi is properly freed if the fs_context is torn down before fill_super, preventing this memory leak. | 2025-08-16 | not yet calculated | CVE-2025-38549 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return. | 2025-08-16 | not yet calculated | CVE-2025-38550 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix recursived rtnl_lock() during probe() The deadlock appears in a stack trace like: virtnet_probe() rtnl_lock() virtio_config_changed_work() netdev_notify_peers() rtnl_lock() It happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while the virtio-net driver is still probing. The config_work in probe() will get scheduled until virtnet_open() enables the config change notification via virtio_config_driver_enable(). | 2025-08-16 | not yet calculated | CVE-2025-38551 |
| Linux--Linux | In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger. The solution is similar. Use a separate flag to track the condition 'socket state prevent any additional subflow creation' protected by the fallback lock. The socket fallback makes such flag true, and also receiving or sending an MP_FAIL option. The field 'allow_infinite_fallback' is now always touched under the relevant lock, we can drop the ONCE annotation on write. | 2025-08-16 | not yet calculated | CVE-2025-38552 |
| makeplane--plane | Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. | 2025-08-13 | not yet calculated | CVE-2025-50251 |
| Malwarebytes--Malwarebytes | An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters. | 2025-08-14 | not yet calculated | CVE-2023-43683 |
| Malwarebytes--Malwarebytes | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution. | 2025-08-14 | not yet calculated | CVE-2023-43687 |
| Malwarebytes--Malwarebytes | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes. | 2025-08-14 | not yet calculated | CVE-2023-43692 |
| Malwarebytes--Malwarebytes | An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service. | 2025-08-14 | not yet calculated | CVE-2023-43694 |
| myBB Group--Forum Software | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application. | 2025-08-13 | not yet calculated | CVE-2011-10018 |
| N-able--N-central | Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1. | 2025-08-14 | not yet calculated | CVE-2025-8875 |
| N-able--N-central | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1. | 2025-08-14 | not yet calculated | CVE-2025-8876 |
| n/a--Empirebak 2010 | An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. | 2025-08-14 | not yet calculated | CVE-2025-50515 |
| n/a--EyouCMS | EyouCMS 1.7.3 is vulnerable to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. | 2025-08-14 | not yet calculated | CVE-2025-52335 |
| n/a--hortusfox-web | A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter. | 2025-08-13 | not yet calculated | CVE-2025-45313 |
| n/a--hortusfox-web | A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function. | 2025-08-13 | not yet calculated | CVE-2025-45314 |
| n/a--hortusfox-web | A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter. | 2025-08-13 | not yet calculated | CVE-2025-45315 |
| n/a--hortusfox-web | A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter. | 2025-08-13 | not yet calculated | CVE-2025-45316 |
| n/a--hortusfox-web | A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. | 2025-08-13 | not yet calculated | CVE-2025-45317 |
| n/a--libcoap | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. | 2025-08-14 | not yet calculated | CVE-2025-50518 |
| n/a--libcsp | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. The function uses strcpy to copy the interface name into a structure member (ctx->name) without validating the input length. | 2025-08-11 | not yet calculated | CVE-2025-51823 |
| n/a--libcsp | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. | 2025-08-11 | not yet calculated | CVE-2025-51824 |
| n/a--Lotus Cars Android app | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. This poses a risk of unintended access to application internals and can cause denial of service or logic abuse. | 2025-08-14 | not yet calculated | CVE-2025-50861 |
| n/a--Lotus Cars Android app | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure. | 2025-08-14 | not yet calculated | CVE-2025-50862 |
| n/a--MarkTwo Markdown Editor | Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before rendering it. Successful exploitation could lead to session hijacking, credential theft, or arbitrary client-side code execution in the context of the victim's browser. | 2025-08-13 | not yet calculated | CVE-2025-51691 |
| n/a--OURPHP | OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface. | 2025-08-14 | not yet calculated | CVE-2025-51965 |
| n/a--Python-Future | A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. When the module is loaded, it automatically imports test.py, if present in the same directory or in the sys.path. This behavior can be exploited by an attacker who has the ability to write files to the server, allowing the execution of arbitrary code. | 2025-08-14 | not yet calculated | CVE-2025-50817 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50608 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of specify_parame in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50609 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50610 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50611 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50612 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50613 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50614 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50615 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_advanced_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50616 |
| Netis--WF2880 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wps_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50617 |
| Netis--WF2880 | A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. | 2025-08-13 | not yet calculated | CVE-2025-50635 |
| NetOp--Remote Control Client | NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened. | 2025-08-13 | not yet calculated | CVE-2011-10012 |
| Netskope--Netskope Client | Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine. | 2025-08-14 | not yet calculated | CVE-2024-7402 |
| Netskope--Netskope Client | An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges. | 2025-08-14 | not yet calculated | CVE-2025-0309 |
| Netskope--Netskope Client | Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine. | 2025-08-14 | not yet calculated | CVE-2025-5941 |
| Netskope--Netskope Client | Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine. | 2025-08-14 | not yet calculated | CVE-2025-5942 |
| netty--netty | Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final. | 2025-08-13 | not yet calculated | CVE-2025-55163 |
| NixOS--hydra | Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-party project as part of its build process. This also happens in other places like with hydra-release-name. This issue has been patched by commit dea1e16. A workaround involves either not building untrusted packages or not visiting the builds page. | 2025-08-12 | not yet calculated | CVE-2025-54800 |
| NixOS--hydra | Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be very taxing on the infrastructure when large evaluations are done, introducing potential denial of service attacks on the host running the evaluator. This issue has been patched by commit f7bda02. A workaround involves blocking /api/push-github and /api/push-gitea via a reverse proxy. | 2025-08-12 | not yet calculated | CVE-2025-54864 |
| OliveTin--OliveTin | OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. | 2025-08-13 | not yet calculated | CVE-2025-50946 |
| Openfiler--Openfiler | Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the openfiler user. Due to misconfigured sudoers, the openfiler user can escalate privileges to root via sudo /bin/bash without a password. | 2025-08-11 | not yet calculated | CVE-2012-10040 |
| OPPO--OPPO HEALTH APP | Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | 2025-08-14 | not yet calculated | CVE-2025-27388 |
| OSGeo--spatialreference.org | A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a specially formed URL with malicious JavaScript code, which is then reflected back and executed in the victim's browser. This flaw allows an attacker to execute arbitrary JavaScript in the context of the victim's session, potentially leading to session hijacking, phishing attacks, data theft, or redirection to malicious sites. The issue is exposed on publicly accessible pages, making it exploitable by an unauthenticated attacker. | 2025-08-13 | not yet calculated | CVE-2025-50690 |
| Palo Alto Networks--Checkov by Prisma Cloud | An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415. | 2025-08-13 | not yet calculated | CVE-2025-2180 |
| Palo Alto Networks--Checkov by Prisma Cloud | A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. | 2025-08-13 | not yet calculated | CVE-2025-2181 |
| Palo Alto Networks--Cloud NGFW | A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | 2025-08-13 | not yet calculated | CVE-2025-2182 |
| Palo Alto Networks--Cortex XDR Broker VM | A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue. | 2025-08-13 | not yet calculated | CVE-2025-2184 |
| Palo Alto Networks--GlobalProtect App | An insufficient certificate validation issue in the Palo Alto Networks GlobalProtectâ„¢ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. | 2025-08-13 | not yet calculated | CVE-2025-2183 |
| phoca.cz--phoca.cz - Phoca Commander for Joomla | An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature. | 2025-08-15 | not yet calculated | CVE-2025-54473 |
| PHP Volunteer Management--PHP Volunteer Management | PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request. | 2025-08-13 | not yet calculated | CVE-2012-10056 |
| PhpTax--PhpTax | PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required. | 2025-08-11 | not yet calculated | CVE-2012-10037 |
| py-pdf--pypdf | pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file. | 2025-08-13 | not yet calculated | CVE-2025-55197 |
| pyload--pyload | pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched in version 0.5.0b3.dev91. | 2025-08-11 | not yet calculated | CVE-2025-55156 |
| QuickShareHQ--QuickShare File Server | QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement. | 2025-08-13 | not yet calculated | CVE-2011-10010 |
| RabidHamster--R4 Embedded Server | RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process. | 2025-08-13 | not yet calculated | CVE-2012-10058 |
| rails--rails | Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1. | 2025-08-13 | not yet calculated | CVE-2025-55193 |
| RealNetworks Inc.--Netzip Classic | Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened. | 2025-08-13 | not yet calculated | CVE-2011-10016 |
| Rockwell Automation--1756-EN2T/D | A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow. | 2025-08-14 | not yet calculated | CVE-2025-7353 |
| Rockwell Automation--5032-CFGB16M12P5DR | A security issue exists within the 5032 16pt Digital Configurable module's web server. The web server's session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable. | 2025-08-14 | not yet calculated | CVE-2025-7773 |
| Rockwell Automation--5032-CFGB16M12P5DR | A security issue exists within the 5032 16pt Digital Configurable module's web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions. | 2025-08-14 | not yet calculated | CVE-2025-7774 |
| Rockwell Automation--FactoryTalk Action Manager | A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. This token is broadcasted over a WebSocket and can be intercepted by any local client listening on the connection. | 2025-08-14 | not yet calculated | CVE-2025-9036 |
| Rockwell Automation--FactoryTalk Linx | A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to 'development', the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers. | 2025-08-14 | not yet calculated | CVE-2025-7972 |
| Rockwell Automation--FactoryTalk ViewPoint | A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation. | 2025-08-14 | not yet calculated | CVE-2025-7973 |
| Rockwell Automation--FLEX 5000 I/O | A security issue exists due to improper handling of CIP Class 32's request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | 2025-08-14 | not yet calculated | CVE-2025-9041 |
| Rockwell Automation--FLEX 5000 I/O | A security issue exists due to improper handling of CIP Class 32's request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle. | 2025-08-14 | not yet calculated | CVE-2025-9042 |
| Rockwell Automation--Studio 5000 Logix Designer | A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash. | 2025-08-14 | not yet calculated | CVE-2025-7971 |
| S40 CMS--S40 CMS | S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely without authentication by appending traversal sequences and a null byte to bypass file extension checks. | 2025-08-13 | not yet calculated | CVE-2011-10009 |
| SA-MP Team--San Andreas Multiplayer | GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server binary (samp-server.exe) processes a crafted echo directive containing excessive input. The original 'sa-mp.com' site is defunct, but the community maintains mirrors and forks that may be vulnerable. | 2025-08-13 | not yet calculated | CVE-2011-10014 |
| Seagate--Toolkit | The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a malicious Program.exe file, which would execute with SYSTEM privileges. | 2025-08-14 | not yet calculated | CVE-2025-9043 |
| ServiceNow--ServiceNow AI Platform | ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications. This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. | 2025-08-12 | not yet calculated | CVE-2025-3089 |
| Shenzhen Tuoshi--NR500-EA | Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. | 2025-08-13 | not yet calculated | CVE-2025-43982 |
| Shenzhen Tuoshi--NR500-EA | The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. By setting a username=admin cookie (bypassing normal session checks), an unauthenticated attacker can use that parameter to execute arbitrary OS commands. | 2025-08-13 | not yet calculated | CVE-2025-43989 |
| SILA Embedded Solutions GmbH--freemodbus | An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet. | 2025-08-14 | not yet calculated | CVE-2025-51986 |
| Soosyze--Soosyze CMS | Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restrictions, potentially gaining unauthorized administrative access. This vulnerability corresponds to CWE-307: Improper Restriction of Excessive Authentication Attempts. | 2025-08-13 | not yet calculated | CVE-2025-52392 |
| Spreecommerce--Spreecommerce | Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby's send method. This allows attackers to execute arbitrary shell commands on the server without authentication. | 2025-08-13 | not yet calculated | CVE-2011-10019 |
| Studio 3T--Studio 3T | An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module | 2025-08-13 | not yet calculated | CVE-2025-52385 |
| SUSE Linux--Enterprise Module for Development Tools | A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them-using malformed frames or flow control errors-an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released. | 2025-08-13 | not yet calculated | CVE-2025-8671 |
| Symmetrix Technologies--Snort Report | Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system. | 2025-08-13 | not yet calculated | CVE-2011-10017 |
| Synergetic Data Systems Inc.--UnForm Server Manager | UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insufficient input validation and lack of path sanitization, attackers can supply relative paths to access arbitrary files on the host system - including sensitive OS-level files - without authentication. | 2025-08-13 | not yet calculated | CVE-2025-34154 |
| Sysax Software--Multi Server | Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service. | 2025-08-13 | not yet calculated | CVE-2012-10060 |
| telstra--open-kilda | OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0. | 2025-08-11 | not yet calculated | CVE-2025-54992 |
| tokio-rs--slab | slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length. | 2025-08-11 | not yet calculated | CVE-2025-55159 |
| TOTOLINK--A7000R | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | 2025-08-13 | not yet calculated | CVE-2025-51452 |
| TOTOLINK--EX1200T | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | 2025-08-13 | not yet calculated | CVE-2025-51451 |
| Traq Project--Issue Tracking System | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code. | 2025-08-13 | not yet calculated | CVE-2011-10013 |
| Umbraco--CMS | Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely. | 2025-08-13 | not yet calculated | CVE-2012-10054 |
| Unknown--CBX Restaurant Booking | The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2025-08-11 | not yet calculated | CVE-2025-7965 |
| Unknown--disable-right-click-powered-by-pixterme | The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert marketing security services. Users that pay are added to allowedDomains to suppress the popup. | 2025-08-14 | not yet calculated | CVE-2025-8047 |
| Unknown--Ebook Store | The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | 2025-08-16 | not yet calculated | CVE-2025-8113 |
| Unknown--Injection Guard | The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 2025-08-14 | not yet calculated | CVE-2025-8046 |
| Unknown--LatePoint | The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | 2025-08-13 | not yet calculated | CVE-2025-6715 |
| Unknown--PPWP Password Protect Pages | The PPWP - Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API. | 2025-08-14 | not yet calculated | CVE-2025-5998 |
| Unknown--Quiz and Survey Master (QSM) | The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2025-08-14 | not yet calculated | CVE-2025-6790 |
| Unknown--Structured Content (JSON-LD) #wpsc | The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-08-14 | not yet calculated | CVE-2025-3414 |
| Unknown--WP Shopify | The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-08-14 | not yet calculated | CVE-2025-7808 |
| vancluever--z2d | z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing (SSAA) method. Under certain circumstances where the path being drawn existed in whole or partly outside of the rendering surface, incorrect bounding could cause out-of-bounds access within the coverage buffer. This affects the higher-level drawing operations, such as Context.fill, Context.stroke, painter.fill, and painter.stroke, when either the .default or .multisample_4x anti-aliasing modes were used. .supersample_4x was not affected, nor was drawing without anti-aliasing. In non-safe optimization modes (consumers compiling with ReleaseFast or ReleaseSmall), this could potentially lead to invalid memory accesses or corruption. z2d v0.7.1 fixes this issue, and it's recommended to upgrade to v0.7.1, or, given the small period of time v0.7.0 has been released, use v0.7.1 immediately, skipping v0.7.0. | 2025-08-16 | not yet calculated | CVE-2025-55286 |
| vim--vim | Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim's internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400. | 2025-08-11 | not yet calculated | CVE-2025-55157 |
| vim--vim | Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim's internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406. | 2025-08-11 | not yet calculated | CVE-2025-55158 |
| WeBid--WeBid | WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application. | 2025-08-13 | not yet calculated | CVE-2011-10011 |
| withastro--astro | Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the external origin //astro.build/press. However, with the Node deployment adapter in standalone mode and trailingSlash set to "always" in the Astro configuration, https://example.com//astro.build/press still redirects to //astro.build/press. This affects any user who clicks on a specially crafted link pointing to the affected domain. Since the domain appears legitimate, victims may be tricked into trusting the redirected page, leading to possible credential theft, malware distribution, or other phishing-related attacks. This issue has been patched in version 9.4.1. | 2025-08-15 | not yet calculated | CVE-2025-55207 |
| Wulkano--KAP | Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass.This issue affects KAP: 3.6.0. | 2025-08-15 | not yet calculated | CVE-2025-7961 |
| YugabyteDB Inc--YugabyteDB | YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted. | 2025-08-11 | not yet calculated | CVE-2025-8862 |
| YugabyteDB Inc--YugabyteDB | YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission | 2025-08-11 | not yet calculated | CVE-2025-8863 |
| YugabyteDB Inc--YugabyteDB | The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service. | 2025-08-11 | not yet calculated | CVE-2025-8865 |
| YugabyteDB Inc--YugabyteDB Anywhere | Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs | 2025-08-11 | not yet calculated | CVE-2025-8864 |
| YugabyteDB Inc--YugabyteDB Anywhere | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records. | 2025-08-11 | not yet calculated | CVE-2025-8866 |
| zed-industries--zed | Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue involves either avoid sending prompts to the Agent Panel, or to limit the AI Agent's file system access. | 2025-08-11 | not yet calculated | CVE-2025-55012 |
| ZEN Load Balancer--ZEN Load Balancer | ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor. | 2025-08-11 | not yet calculated | CVE-2012-10039 |
| ZKTeco Co--WL20 Biometric Attendance System | This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the unencrypted credentials stored in the firmware of targeted device. | 2025-08-13 | not yet calculated | CVE-2025-54464 |
| ZKTeco Co--WL20 Biometric Attendance System | This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device. | 2025-08-13 | not yet calculated | CVE-2025-54465 |
| ZKTeco Co--WL20 Biometric Attendance System | This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform unauthorized decryption of sensitive data and Man-in-the-Middle (MitM) attacks on the targeted device. | 2025-08-13 | not yet calculated | CVE-2025-55279 |
| ZKTeco Co--WL20 Biometric Attendance System | This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineer the binary data to access the plaintext sensitive data stored in the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized network access, retrieve and manipulate data on the targeted device. | 2025-08-13 | not yet calculated | CVE-2025-55280 |
Please share your thoughts
We recently updated our anonymous product survey; we welcome your feedback.