Patch Tuesday — August 2025

2025-08-12 · 993 CVEs

CVEs published or modified the week of 2025-08-12, partitioned by vendor.

Microsoft (151 CVEs)

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53766 | Critical | 9.8 | | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2025-50165 | Critical | 9.8 | | 2025-08-12 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
| CVE-2025-50171 | Critical | 9.1 | | 2025-08-12 | Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-8901 | High | 8.8 | | 2025-08-13 | Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
| CVE-2025-8882 | High | 8.8 | | 2025-08-13 | Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2025-8880 | High | 8.8 | | 2025-08-13 | Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
| CVE-2025-8879 | High | 8.8 | | 2025-08-13 | Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. |
| CVE-2025-53778 | High | 8.8 | | 2025-08-12 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53772 | High | 8.8 | | 2025-08-12 | Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. |
| CVE-2025-53727 | High | 8.8 | | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53145 | High | 8.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
| CVE-2025-53144 | High | 8.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
| CVE-2025-53143 | High | 8.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
| CVE-2025-53131 | High | 8.8 | | 2025-08-12 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. |
| CVE-2025-50163 | High | 8.8 | | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-49759 | High | 8.8 | | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-49758 | High | 8.8 | | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-49757 | High | 8.8 | | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-49712 | High | 8.8 | | 2025-08-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-47954 | High | 8.8 | | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-24999 | High | 8.8 | | 2025-08-12 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53784 | High | 8.4 | | 2025-08-12 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53740 | High | 8.4 | | 2025-08-12 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-53733 | High | 8.4 | | 2025-08-12 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53731 | High | 8.4 | | 2025-08-12 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-50177 | High | 8.1 | | 2025-08-12 | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53720 | High | 8.0 | | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| CVE-2025-50164 | High | 8.0 | | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| CVE-2025-50162 | High | 8.0 | | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| CVE-2025-50160 | High | 8.0 | | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| CVE-2025-49707 | High | 7.9 | | 2025-08-12 | Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
| CVE-2025-23304 | High | 7.8 | | 2025-08-13 | NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. |
| CVE-2025-23303 | High | 7.8 | | 2025-08-13 | NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. |
| CVE-2025-54232 | High | 7.8 | | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54231 | High | 7.8 | | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54230 | High | 7.8 | | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54229 | High | 7.8 | | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54222 | High | 7.8 | | 2025-08-12 | Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54226 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54225 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54224 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54223 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54221 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54220 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54219 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54218 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54217 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54216 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54215 | High | 7.8 | | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54213 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54212 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54211 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54210 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54209 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54208 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54207 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-54206 | High | 7.8 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-49570 | High | 7.8 | | 2025-08-12 | Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-49561 | High | 7.8 | | 2025-08-12 | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-53789 | High | 7.8 | | 2025-08-12 | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53773 | High | 7.8 | | 2025-08-12 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
| CVE-2025-53761 | High | 7.8 | | 2025-08-12 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| CVE-2025-53759 | High | 7.8 | | 2025-08-12 | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53741 | High | 7.8 | | 2025-08-12 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53739 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53738 | High | 7.8 | | 2025-08-12 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53737 | High | 7.8 | | 2025-08-12 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53735 | High | 7.8 | | 2025-08-12 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53734 | High | 7.8 | | 2025-08-12 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
| CVE-2025-53732 | High | 7.8 | | 2025-08-12 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-53730 | High | 7.8 | | 2025-08-12 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
| CVE-2025-53729 | High | 7.8 | | 2025-08-12 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53726 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53725 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53724 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53723 | High | 7.8 | | 2025-08-12 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53155 | High | 7.8 | | 2025-08-12 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53154 | High | 7.8 | | 2025-08-12 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53152 | High | 7.8 | | 2025-08-12 | Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. |
| CVE-2025-53151 | High | 7.8 | | 2025-08-12 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53149 | High | 7.8 | | 2025-08-12 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53141 | High | 7.8 | | 2025-08-12 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53133 | High | 7.8 | | 2025-08-12 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53132 | High | 7.8 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50176 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. |
| CVE-2025-50173 | High | 7.8 | | 2025-08-12 | Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50170 | High | 7.8 | | 2025-08-12 | Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50168 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50155 | High | 7.8 | | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50153 | High | 7.8 | | 2025-08-12 | Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49761 | High | 7.8 | | 2025-08-12 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2025-49564 | High | 7.8 | | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-49563 | High | 7.8 | | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
| CVE-2025-53781 | High | 7.7 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. |
| CVE-2025-53793 | High | 7.5 | | 2025-08-12 | Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-53783 | High | 7.5 | | 2025-08-12 | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53722 | High | 7.5 | | 2025-08-12 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. |
| CVE-2025-50169 | High | 7.5 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network. |
| CVE-2025-33051 | High | 7.5 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-50161 | High | 7.3 | | 2025-08-12 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50159 | High | 7.3 | | 2025-08-12 | Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53779 | High | 7.2 | | 2025-08-12 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53760 | High | 7.1 | | 2025-08-12 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53788 | High | 7.0 | | 2025-08-12 | Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53721 | High | 7.0 | | 2025-08-12 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53718 | High | 7.0 | | 2025-08-12 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53147 | High | 7.0 | | 2025-08-12 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53142 | High | 7.0 | | 2025-08-12 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53140 | High | 7.0 | | 2025-08-12 | Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53137 | High | 7.0 | | 2025-08-12 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53135 | High | 7.0 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53134 | High | 7.0 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50167 | High | 7.0 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-50158 | High | 7.0 | | 2025-08-12 | Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. |
| CVE-2025-49762 | High | 7.0 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53736 | Medium | 6.8 | | 2025-08-12 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| CVE-2025-49751 | Medium | 6.8 | | 2025-08-12 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
| CVE-2025-49743 | Medium | 6.7 | | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| CVE-2025-48807 | Medium | 6.7 | | 2025-08-12 | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
| CVE-2025-8881 | Medium | 6.5 | | 2025-08-13 | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. |
| CVE-2025-53728 | Medium | 6.5 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-53716 | Medium | 6.5 | | 2025-08-12 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. |
| CVE-2025-50172 | Medium | 6.5 | | 2025-08-12 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. |
| CVE-2025-50166 | Medium | 6.5 | | 2025-08-12 | Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. |
| CVE-2025-50154 | Medium | 6.5 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-25005 | Medium | 6.5 | | 2025-08-12 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. |
| CVE-2025-53719 | Medium | 5.7 | | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| CVE-2025-53153 | Medium | 5.7 | | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| CVE-2025-53148 | Medium | 5.7 | | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| CVE-2025-53138 | Medium | 5.7 | | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| CVE-2025-50157 | Medium | 5.7 | | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| CVE-2025-50156 | Medium | 5.7 | | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
| CVE-2025-54238 | Medium | 5.5 | | 2025-08-12 | Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-54233 | Medium | 5.5 | | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-54228 | Medium | 5.5 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-54227 | Medium | 5.5 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-54214 | Medium | 5.5 | | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-49562 | Medium | 5.5 | | 2025-08-12 | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-53769 | Medium | 5.5 | | 2025-08-12 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
| CVE-2025-53156 | Medium | 5.5 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. |
| CVE-2025-53136 | Medium | 5.5 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. |
| CVE-2025-49568 | Medium | 5.5 | | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2025-49567 | Medium | 5.5 | | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
| CVE-2025-49745 | Medium | 5.4 | | 2025-08-12 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-36047 | Medium | 5.3 | | 2025-08-14 | IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. |
| CVE-2025-33142 | Medium | 5.3 | | 2025-08-14 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. |
| CVE-2025-25007 | Medium | 5.3 | | 2025-08-12 | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-25006 | Medium | 5.3 | | 2025-08-12 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-53765 | Medium | 4.4 | | 2025-08-12 | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. |
| CVE-2025-49755 | Medium | 4.3 | | 2025-08-12 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-49736 | Medium | 4.3 | | 2025-08-12 | The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |

Other vendors (842 CVEs across 348 vendors)

N/a · 110 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-50518 | Critical | 9.8 | | 2025-08-14 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. |
| CVE-2025-27845 | Critical | 9.8 | | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. |
| CVE-2025-43984 | Critical | 9.8 | | 2025-08-14 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). |
| CVE-2025-43986 | Critical | 9.8 | | 2025-08-13 | An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. |
| CVE-2025-43982 | Critical | 9.8 | | 2025-08-13 | Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. |
| CVE-2025-52385 | Critical | 9.8 | | 2025-08-13 | An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module |
| CVE-2025-51451 | Critical | 9.8 | | 2025-08-13 | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2025-50594 | Critical | 9.8 | | 2025-08-13 | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password. |
| CVE-2025-51452 | Critical | 9.8 | | 2025-08-13 | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
| CVE-2025-43983 | Critical | 9.1 | | 2025-08-14 | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. |
| CVE-2025-50251 | Critical | 9.1 | | 2025-08-13 | Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. |
| CVE-2024-53946 | High | 8.8 | | 2025-08-14 | The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. |
| CVE-2024-53945 | High | 8.8 | | 2025-08-14 | The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. |
| CVE-2025-8715 | High | 8.8 | | 2025-08-14 | Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-comm… |
| CVE-2025-8714 | High | 8.8 | | 2025-08-14 | Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-… |
| CVE-2025-24325 | High | 8.8 | | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-20093 | High | 8.2 | | 2025-08-12 | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-22889 | High | 7.9 | | 2025-08-12 | Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2025-25273 | High | 7.8 | | 2025-08-12 | Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-24486 | High | 7.8 | | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-24484 | High | 7.8 | | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-24303 | High | 7.8 | | 2025-08-12 | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-22893 | High | 7.8 | | 2025-08-12 | Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-22836 | High | 7.8 | | 2025-08-12 | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-20109 | High | 7.8 | | 2025-08-12 | Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-20074 | High | 7.8 | | 2025-08-12 | Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-51986 | High | 7.5 | | 2025-08-14 | An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet. |
| CVE-2023-43692 | High | 7.5 | | 2025-08-14 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). |
| CVE-2025-43988 | High | 7.5 | | 2025-08-13 | KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. |
| CVE-2025-50617 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. |
| CVE-2025-50616 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. |
| CVE-2025-50615 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. |
| CVE-2025-50614 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. |
| CVE-2025-50613 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. |
| CVE-2025-50612 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. |
CVE-2025-50611High7.52025-08-13A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file.
CVE-2025-50610High7.52025-08-13A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file.
CVE-2025-50609High7.52025-08-13A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file.
CVE-2025-50608High7.52025-08-13A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file.
CVE-2025-50635High7.52025-08-13A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445.
CVE-2025-22839High7.52025-08-12Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
CVE-2025-21086High7.52025-08-12Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege.
CVE-2025-22840High7.42025-08-12Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
CVE-2025-20625High7.42025-08-12Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2025-23241High7.32025-08-12Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-32086High7.22025-08-12Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via loca…
CVE-2025-26403High7.22025-08-12Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-24305High7.22025-08-12Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-20053High7.22025-08-12Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-20037High7.22025-08-12Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-27717Medium6.72025-08-12Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access
CVE-2025-27559Medium6.72025-08-12Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-26470Medium6.72025-08-12Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-26404Medium6.72025-08-12Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24923Medium6.72025-08-12Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24302Medium6.72025-08-12Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-22838Medium6.72025-08-12Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-21093Medium6.72025-08-12Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20627Medium6.72025-08-12Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20099Medium6.72025-08-12Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20092Medium6.72025-08-12Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20087Medium6.72025-08-12Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20048 | Medium | 6.7 | | 2025-08-12 | Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20023 | Medium | 6.7 | | 2025-08-12 | Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-20017 | Medium | 6.7 | | 2025-08-12 | Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24921 | Medium | 6.6 | | 2025-08-12 | Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
CVE-2025-50861 | Medium | 6.5 | | 2025-08-14 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps.
CVE-2023-43687 | Medium | 6.5 | | 2025-08-14 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later).
CVE-2025-50515 | Medium | 6.5 | | 2025-08-14 | An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.
CVE-2023-43683 | Medium | 6.5 | | 2025-08-14 | An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later).
CVE-2025-43989 | Medium | 6.5 | | 2025-08-13 | The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command.
CVE-2025-50946 | Medium | 6.5 | | 2025-08-13 | OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.
CVE-2025-24835 | Medium | 6.5 | | 2025-08-12 | Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-24515 | Medium | 6.5 | | 2025-08-12 | NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-24323 | Medium | 6.5 | | 2025-08-12 | Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-21090 | Medium | 6.5 | | 2025-08-12 | Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-51965 | Medium | 6.1 | | 2025-08-14 | OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface.
CVE-2025-51691 | Medium | 6.1 | | 2025-08-13 | Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface.
CVE-2025-50690 | Medium | 6.1 | | 2025-08-13 | A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491).
CVE-2025-24296 | Medium | 6.0 | | 2025-08-12 | Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access.
CVE-2025-20067 | Medium | 6.0 | | 2025-08-12 | Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access.
CVE-2025-50862 | Medium | 5.9 | | 2025-08-14 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices.
CVE-2025-24840 | Medium | 5.8 | | 2025-08-12 | Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2025-26472 | Medium | 5.7 | | 2025-08-12 | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2025-27537 | Medium | 5.5 | | 2025-08-12 | Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2025-50817 | Medium | 5.4 | | 2025-08-14 | A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py.
CVE-2025-52392 | Medium | 5.4 | | 2025-08-13 | Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms.
CVE-2025-52386 | Medium | 5.4 | | 2025-08-13 | CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file
CVE-2025-20077 | Medium | 5.3 | | 2025-08-12 | Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via local access.
CVE-2023-43694 | Medium | 5.2 | | 2025-08-14 | An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later).
CVE-2025-24313 | Medium | 4.4 | | 2025-08-12 | Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2025-22392 | Medium | 4.4 | | 2025-08-12 | Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access.
CVE-2025-20025 | Medium | 4.4 | | 2025-08-12 | Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-27847 | Medium | 4.3 | | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout.
CVE-2025-27846 | Medium | 4.3 | | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected.
CVE-2025-20044 | Medium | 4.1 | | 2025-08-12 | Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-32004 | Low | 3.9 | | 2025-08-12 | Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-26863 | Low | 3.8 | | 2025-08-12 | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.
CVE-2025-27250 | Low | 3.5 | | 2025-08-12 | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2025-24523 | Low | 3.5 | | 2025-08-12 | Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2025-26697 | Low | 3.3 | | 2025-08-12 | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service.
CVE-2025-24520 | Low | 3.3 | | 2025-08-12 | Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-24511 | Low | 3.3 | | 2025-08-12 | Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable Information disclosure via data exposure.
CVE-2025-20613 | Low | 3.3 | | 2025-08-12 | Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2025-8713 | Low | 3.1 | | 2025-08-14 | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access.
CVE-2025-27576 | Low | 2.9 | | 2025-08-12 | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2025-24324 | Low | 2.8 | | 2025-08-12 | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-27707 | Low | 2.6 | | 2025-08-12 | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent…
CVE-2025-22853 | Low | 2.3 | | 2025-08-12 | Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-21096 | Low | 1.9 | | 2025-08-12 | Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

Adobe · 31 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-49557 | High | 8.7 | | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject maliciou…
CVE-2025-49555 | High | 8.1 | | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation.
CVE-2025-54187 | High | 7.8 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49573 | High | 7.8 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49572 | High | 7.8 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49571 | High | 7.8 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49569 | High | 7.8 | | 2025-08-12 | Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49560 | High | 7.8 | | 2025-08-12 | Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2025-49556 | High | 7.5 | | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
CVE-2025-49554 | High | 7.5 | | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service.
CVE-2025-49558 | Medium | 5.9 | | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass.
CVE-2025-54235 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54205 | Medium | 5.5 | | 2025-08-12 | Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54204 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54203 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54202 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54201 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54200 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54199 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54198 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54197 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54195 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54194 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54193 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54192 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54191 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54190 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54189 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54188 | Medium | 5.5 | | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-54186 | Medium | 5.5 | | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2025-49559 | Medium | 5.3 | | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a se…

Cisco · 29 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-20265 | Critical | 10.0 | | 2025-08-14 | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. T…
CVE-2025-20263 | High | 8.6 | | 2025-08-14 | A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer ove…
CVE-2025-20253 | High | 8.6 | | 2025-08-14 | A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition…
CVE-2025-20243 | High | 8.6 | | 2025-08-14 | A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. …
CVE-2025-20239 | High | 8.6 | | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an una…
CVE-2025-20222 | High | 8.6 | | 2025-08-14 | A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attack…
CVE-2025-20217 | High | 8.6 | | 2025-08-14 | A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a…
CVE-2025-20136 | High | 8.6 | | 2025-08-14 | A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could…
CVE-2025-20134 | High | 8.6 | | 2025-08-14 | A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device t…
CVE-2025-20133 | High | 8.6 | | 2025-08-14 | A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly st…
CVE-2025-20251 | High | 8.5 | | 2025-08-14 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or de…
CVE-2025-20148 | High | 8.5 | | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulner…
CVE-2025-20244 | High | 7.7 | | 2025-08-14 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN…
CVE-2025-20127 | High | 7.7 | | 2025-08-14 | A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devic…
CVE-2025-20301 | Medium | 6.5 | | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing a…
CVE-2025-20235 | Medium | 6.1 | | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface…
CVE-2025-20238 | Medium | 6.0 | | 2025-08-14 | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat…
CVE-2025-20237 | Medium | 6.0 | | 2025-08-14 | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat…
CVE-2025-20220 | Medium | 6.0 | | 2025-08-14 | A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying opera…
CVE-2025-20268 | Medium | 5.8 | | 2025-08-14 | A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections…
CVE-2025-20254 | Medium | 5.8 | | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to…
CVE-2025-20252 | Medium | 5.8 | | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to…
CVE-2025-20225 | Medium | 5.8 | | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an una…
CVE-2025-20224 | Medium | 5.8 | | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to…
CVE-2025-20219 | Medium | 5.3 | | 2025-08-14 | A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate…
CVE-2025-20306 | Medium | 4.9 | | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlyi…
CVE-2025-20218 | Medium | 4.9 | | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability…
CVE-2025-20302 | Medium | 4.3 | | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missin…
CVE-2025-20135 | Medium | 4.3 | | 2025-08-14 | A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust avail…

Siemens · 29 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-40746 | Critical | 9.1 | | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2).
CVE-2025-40758 | High | 8.7 | | 2025-08-14 | A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21).
CVE-2025-40743 | High | 8.3 | | 2025-08-12 | A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1…
CVE-2024-54678 | High | 8.2 | | 2025-08-12 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All version…
CVE-2025-40767 | High | 7.8 | | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0).
CVE-2025-40764 | High | 7.8 | | 2025-08-12 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002).
CVE-2025-40762 | High | 7.8 | | 2025-08-12 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002).
CVE-2025-40759 | High | 7.8 | | 2025-08-12 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All ver…
CVE-2025-30033 | High | 7.8 | | 2025-08-12 | The affected setup component is vulnerable to DLL hijacking.
CVE-2025-40761 | High | 7.6 | | 2025-08-12 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX…
CVE-2024-52504 | High | 7.5 | | 2025-08-12 | A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V…
CVE-2025-40770 | High | 7.4 | | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions).
CVE-2025-40769 | High | 7.4 | | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0).
CVE-2025-40768 | High | 7.3 | | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0).
CVE-2024-41979 | High | 7.1 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2024-41986 | Medium | 6.4 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2025-40751 | Medium | 6.3 | | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3).
CVE-2025-40753 | Medium | 6.2 | | 2025-08-12 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (A…
CVE-2025-40752 | Medium | 6.2 | | 2025-08-12 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (A…
CVE-2025-30034 | Medium | 6.2 | | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3).
CVE-2025-40766 | Medium | 5.5 | | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0).
CVE-2025-40584 | Medium | 5.5 | | 2025-08-12 | A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION S…
CVE-2024-41982 | Medium | 4.8 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2025-33023 | Medium | 4.1 | | 2025-08-12 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX…
CVE-2024-41983 | Low | 3.5 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2024-41980 | Low | 3.1 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2024-41985 | Low | 2.6 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2024-41984 | Low | 2.6 | | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506).
CVE-2025-40570 | Low | 2.4 | | 2025-08-12 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versi…

Itsourcecode · 15 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-9010 | High | 7.3 | | 2025-08-15 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-9009 | High | 7.3 | | 2025-08-15 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-9008 | High | 7.3 | | 2025-08-15 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8993 | High | 7.3 | | 2025-08-15 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8984 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8983 | High | 7.3 | | 2025-08-14 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8982 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8981 | High | 7.3 | | 2025-08-14 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8972 | High | 7.3 | | 2025-08-14 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8971 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8970 | High | 7.3 | | 2025-08-14 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8969 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8968 | High | 7.3 | | 2025-08-14 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8967 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0.
CVE-2025-8966 | High | 7.3 | | 2025-08-14 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0.

SAP SE · 15 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-42957 | Critical | 9.9 | | 2025-08-12 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC.
CVE-2025-42950 | Critical | 9.9 | | 2025-08-12 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC.
CVE-2025-42951 | High | 8.8 | | 2025-08-12 | Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, an…
CVE-2025-42976 | High | 8.1 | | 2025-08-12 | SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error.
CVE-2025-42946 | Medium | 6.9 | | 2025-08-12 | Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to se…
CVE-2025-42975 | Medium | 6.1 | | 2025-08-12 | SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script.
CVE-2025-42948 | Medium | 6.1 | | 2025-08-12 | Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible.
CVE-2025-42945 | Medium | 6.1 | | 2025-08-12 | SAP NetWeaver Application Server ABAP has an HTML injection vulnerability.
CVE-2025-42942 | Medium | 6.1 | | 2025-08-12 | SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability.
CVE-2025-42949 | Medium | 4.9 | | 2025-08-12 | Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console.
CVE-2025-42943 | Medium | 4.5 | | 2025-08-12 | SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths.
CVE-2025-42934 | Medium | 4.3 | | 2025-08-12 | SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection.
CVE-2025-42935 | Medium | 4.1 | | 2025-08-12 | The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosur…
CVE-2025-42955 | Low | 3.5 | | 2025-08-12 | Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections.
CVE-2025-42941 | Low | 3.5 | | 2025-08-12 | SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements.

Fortinet · 14 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-25256 | Critical | 9.8 | | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and befor…
CVE-2025-52970 | High | 8.1 | | 2025-08-12 | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining…
CVE-2024-26009 | High | 8.1 | | 2025-08-12 | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1…
CVE-2025-53744 | High | 7.2 | | 2025-08-12 | An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with hig…
CVE-2025-49813 | High | 7.2 | | 2025-08-12 | An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execu…
CVE-2024-48892 | Medium | 6.8 | | 2025-08-12 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.
CVE-2025-47857 | Medium | 6.7 | | 2025-08-12 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary cod…
CVE-2025-27759 | Medium | 6.7 | | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an au…
CVE-2023-45584 | Medium | 6.6 | | 2025-08-12 | A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 thro…
CVE-2025-32932 | Medium | 6.5 | | 2025-08-12 | An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all ver…
CVE-2025-32766 | Medium | 6.4 | | 2025-08-12 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands
CVE-2024-52964 | Medium | 5.5 | | 2025-08-12 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud v…
CVE-2025-25248 | Medium | 5.3 | | 2025-08-12 | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and belo…
CVE-2024-40588 | Medium | 4.4 | | 2025-08-12 | Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0…

Linksys · 14 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-8833 | High | 8.8 | | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8832 | High | 8.8 | | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8831 | High | 8.8 | | 2025-08-11 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8826 | High | 8.8 | | 2025-08-11 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8824 | High | 8.8 | | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8822 | High | 8.8 | | 2025-08-11 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8820 | High | 8.8 | | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8830 | Medium | 6.3 | | 2025-08-11 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8829 | Medium | 6.3 | | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8828 | Medium | 6.3 | | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8827 | Medium | 6.3 | | 2025-08-11 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8825 | Medium | 6.3 | | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8823 | Medium | 6.3 | | 2025-08-11 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.
CVE-2025-8821 | Medium | 6.3 | | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801.

Mattermost · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-54525 | High | 7.5 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body.
CVE-2025-52931 | High | 7.5 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body.
CVE-2025-54478 | High | 7.2 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint.
CVE-2025-44004 | High | 7.2 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel sub…
CVE-2025-48731 | Medium | 6.4 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint.
CVE-2025-54463 | Medium | 5.9 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
CVE-2025-53514 | Medium | 5.9 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body.
CVE-2025-54458 | Medium | 5.0 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription e…
CVE-2025-8285 | Medium | 4.0 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription end…
CVE-2025-53910 | Medium | 4.0 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription end…
CVE-2025-44001 | Medium | 4.0 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions…
CVE-2025-53857 | Low | 3.7 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChanne…
CVE-2025-49221 | Low | 3.7 | | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint.

Gitlab · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7739 | High | 8.7 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content i…
CVE-2025-7734 | High | 8.7 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of…
CVE-2025-6186 | High | 8.7 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.
CVE-2024-12303 | Medium | 6.7 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permission…
CVE-2025-8770 | Medium | 6.5 | | 2025-08-13 | An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval po…
CVE-2025-2937 | Medium | 6.5 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending speciall…
CVE-2025-2614 | Medium | 6.5 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specia…
CVE-2025-1477 | Medium | 6.5 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending spec…
CVE-2024-10219 | Medium | 6.5 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and down…
CVE-2025-5819 | Medium | 5.0 | | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected bra…
CVE-2025-2498 | Low | 3.1 | | 2025-08-13 | An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups…

Code-projects · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-8955 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in PHPGurukul Hospital Management System 4.0.
CVE-2025-8954 | High | 7.3 | | 2025-08-14 | A vulnerability was identified in PHPGurukul Hospital Management System 4.0.
CVE-2025-9025 | Medium | 6.3 | | 2025-08-15 | A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0.
CVE-2025-8931 | Medium | 6.3 | | 2025-08-14 | A vulnerability was determined in code-projects Medical Store Management System 1.0.
CVE-2025-8930 | Medium | 6.3 | | 2025-08-14 | A vulnerability was found in code-projects Medical Store Management System 1.0.
CVE-2025-8929 | Medium | 6.3 | | 2025-08-13 | A vulnerability has been found in code-projects Medical Store Management System 1.0.
CVE-2025-8928 | Medium | 6.3 | | 2025-08-13 | A vulnerability was identified in code-projects Medical Store Management System 1.0.
CVE-2025-8859 | Medium | 6.3 | | 2025-08-11 | A vulnerability was identified in code-projects eBlog Site 1.0.
CVE-2025-8964 | Medium | 5.3 | | 2025-08-14 | A vulnerability was identified in code-projects Hostel Management System 1.0.
CVE-2025-8962 | Medium | 5.3 | | 2025-08-14 | A vulnerability was found in code-projects Hostel Management System 1.0.

Openatom · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-27577 | High | 8.4 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
CVE-2025-27128 | High | 8.4 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
CVE-2025-25278 | High | 8.4 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
CVE-2025-24298 | High | 8.4 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
CVE-2025-27562 | Low | 3.3 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory.
CVE-2025-27536 | Low | 3.3 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
CVE-2025-26690 | Low | 3.3 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
CVE-2025-25212 | Low | 3.3 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVE-2025-24925 | Low | 3.3 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory.
CVE-2025-24844 | Low | 3.3 | | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory.

Rockwell Automation · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-7972 | Critical | 9.1 | | 2025-08-14 | A security issue exists within the FactoryTalk Linx Network Browser.
CVE-2025-9042 | | | | 2025-08-14 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device.
CVE-2025-9041 | | | | 2025-08-14 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device.
CVE-2025-7971 | | | | 2025-08-14 | A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables.
CVE-2025-9036 | | | | 2025-08-14 | A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token.
CVE-2025-7973 | | | | 2025-08-14 | A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations.
CVE-2025-7774 | | | | 2025-08-14 | A security issue exists within the 5032 16pt Digital Configurable module’s web server.
CVE-2025-7773 | | | | 2025-08-14 | A security issue exists within the 5032 16pt Digital Configurable module’s web server.
CVE-2025-7353 | | | | 2025-08-14 | A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules.

Tenda · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-9046 | High | 8.8 | | 2025-08-15 | A vulnerability was identified in Tenda AC20 16.03.08.12.
CVE-2025-9023 | High | 8.8 | | 2025-08-15 | A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44.
CVE-2025-9007 | High | 8.8 | | 2025-08-15 | A vulnerability has been found in Tenda CH22 1.0.0.1.
CVE-2025-9006 | High | 8.8 | | 2025-08-15 | A vulnerability was identified in Tenda CH22 1.0.0.1.
CVE-2025-8958 | High | 8.8 | | 2025-08-14 | A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01.
CVE-2025-8940 | High | 8.8 | | 2025-08-14 | A vulnerability was identified in Tenda AC20 up to 16.03.08.12.
CVE-2025-8939 | High | 8.8 | | 2025-08-14 | A vulnerability was determined in Tenda AC20 up to 16.03.08.12.
CVE-2025-8980 | Medium | 6.6 | | 2025-08-14 | A vulnerability has been found in Tenda G1 16.01.7.8(3660).
CVE-2025-8979 | Medium | 6.6 | | 2025-08-14 | A vulnerability was identified in Tenda AC15 15.13.07.13.

Apache · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-54466 | Critical | 9.8 | | 2025-08-15 | Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin.
CVE-2025-54472 | High | 7.5 | | 2025-08-14 | Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network.
CVE-2025-48989 | High | 7.5 | | 2025-08-13 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.
CVE-2025-55675 | Medium | 6.5 | | 2025-08-14 | Apache Superset contains an improper access control vulnerability in its /explore endpoint.
CVE-2025-55674 | Medium | 6.5 | | 2025-08-14 | A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions.
CVE-2025-55668 | Medium | 6.5 | | 2025-08-13 | Session Fixation vulnerability in Apache Tomcat via rewrite valve.
CVE-2025-55672 | Medium | 5.4 | | 2025-08-14 | A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization.
CVE-2025-55673 | Medium | 4.3 | | 2025-08-14 | When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload.

Projectworlds · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-9053 | High | 7.3 | | 2025-08-15 | A vulnerability has been found in projectworlds Travel Management System 1.0.
CVE-2025-9052 | High | 7.3 | | 2025-08-15 | A vulnerability was identified in projectworlds Travel Management System 1.0.
CVE-2025-9051 | High | 7.3 | | 2025-08-15 | A vulnerability was determined in projectworlds Travel Management System 1.0.
CVE-2025-9050 | High | 7.3 | | 2025-08-15 | A vulnerability was found in projectworlds Travel Management System 1.0.
CVE-2025-9047 | High | 7.3 | | 2025-08-15 | A vulnerability has been found in projectworlds Visitor Management System 1.0.
CVE-2025-8948 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in projectworlds Visitor Management System 1.0.
CVE-2025-8947 | High | 7.3 | | 2025-08-14 | A vulnerability was found in projectworlds Visitor Management System 1.0.
CVE-2025-8946 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0.

Dell · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-21110 | Medium | 6.7 | | 2025-08-14 | Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability.
CVE-2025-38738 | Medium | 6.7 | | 2025-08-14 | SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer.
CVE-2025-36612 | Medium | 6.7 | | 2025-08-14 | SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability.
CVE-2025-26484 | Medium | 5.5 | | 2025-08-14 | Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability.
CVE-2025-38745 | Medium | 4.8 | | 2025-08-14 | Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore.
CVE-2025-36581 | Low | 3.8 | | 2025-08-14 | Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability.
CVE-2025-36613 | Low | 2.8 | | 2025-08-14 | SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability.

Ivanti · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5462 | High | 7.5 | | 2025-08-12 | A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025… |
| CVE-2025-5456 | High | 7.5 | | 2025-08-12 | A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2… |
| CVE-2025-8297 | High | 7.2 | | 2025-08-12 | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
| CVE-2025-8296 | High | 7.2 | | 2025-08-12 | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. |
| CVE-2025-8310 | Medium | 6.5 | | 2025-08-12 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password |
| CVE-2025-5468 | Medium | 5.5 | | 2025-08-12 | Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed… |
| CVE-2025-5466 | Medium | 4.9 | | 2025-08-12 | XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authent… |

Sourcecodester · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8989 | High | 7.3 | | 2025-08-15 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. |
| CVE-2025-8988 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. |
| CVE-2025-8987 | High | 7.3 | | 2025-08-14 | A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. |
| CVE-2025-8986 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. |
| CVE-2025-8985 | High | 7.3 | | 2025-08-14 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. |
| CVE-2025-8953 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. |
| CVE-2025-8926 | High | 7.3 | | 2025-08-13 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. |

Anisha · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9028 | High | 7.3 | | 2025-08-15 | A flaw has been found in code-projects Online Medicine Guide 1.0. |
| CVE-2025-9027 | High | 7.3 | | 2025-08-15 | A vulnerability has been found in code-projects Online Medicine Guide 1.0. |
| CVE-2025-8990 | High | 7.3 | | 2025-08-15 | A vulnerability was determined in code-projects Online Medicine Guide 1.0. |
| CVE-2025-8923 | High | 7.3 | | 2025-08-13 | A vulnerability was determined in code-projects Job Diary 1.0. |
| CVE-2025-8922 | High | 7.3 | | 2025-08-13 | A vulnerability was found in code-projects Job Diary 1.0. |
| CVE-2025-8921 | High | 7.3 | | 2025-08-13 | A vulnerability has been found in code-projects Job Diary 1.0. |

Bplugins · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8059 | Critical | 9.8 | | 2025-08-12 | The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. |
| CVE-2025-8418 | High | 8.8 | | 2025-08-12 | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. |
| CVE-2025-54708 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through <= 2.0.5. |
| CVE-2025-8680 | Medium | 4.3 | | 2025-08-15 | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. |
| CVE-2025-8676 | Medium | 4.3 | | 2025-08-15 | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. |
| CVE-2025-54694 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through <= 1.2.0. |

Hcl Software · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52621 | Medium | 5.3 | | 2025-08-15 | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. |
| CVE-2025-52619 | Medium | 5.3 | | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. |
| CVE-2025-31987 | Medium | 4.8 | | 2025-08-14 | HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. |
| CVE-2025-52620 | Medium | 4.3 | | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. |
| CVE-2025-52618 | Medium | 4.3 | | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. |
| CVE-2025-31961 | Low | 3.7 | | 2025-08-15 | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. |

Nvidia · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-23306 | High | 7.8 | | 2025-08-13 | NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/arguments.py component where an attacker could cause a code injection issue by providing a malicious input. |
| CVE-2025-23305 | High | 7.8 | | 2025-08-13 | NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. |
| CVE-2025-23298 | High | 7.8 | | 2025-08-13 | NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. |
| CVE-2025-23296 | High | 7.8 | | 2025-08-13 | NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. |
| CVE-2025-23295 | High | 7.8 | | 2025-08-13 | NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. |
| CVE-2025-23294 | High | 7.8 | | 2025-08-13 | NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. |

Phpgurukul · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9024 | High | 7.3 | | 2025-08-15 | A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. |
| CVE-2025-9013 | High | 7.3 | | 2025-08-15 | A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. |
| CVE-2025-9012 | High | 7.3 | | 2025-08-15 | A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. |
| CVE-2025-9011 | High | 7.3 | | 2025-08-15 | A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. |
| CVE-2025-8951 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. |
| CVE-2025-9017 | Medium | 4.3 | | 2025-08-15 | A vulnerability has been found in PHPGurukul Zoo Management System 2.1. |

Wellchoose · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8913 | Critical | 9.8 | | 2025-08-13 | Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. |
| CVE-2025-8912 | High | 7.5 | | 2025-08-13 | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. |
| CVE-2025-8914 | Medium | 6.5 | | 2025-08-13 | Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. |
| CVE-2025-8909 | Medium | 6.5 | | 2025-08-13 | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. |
| CVE-2025-8911 | Medium | 6.1 | | 2025-08-13 | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. |
| CVE-2025-8910 | Medium | 6.1 | | 2025-08-13 | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. |

1000 Projects · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8936 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in 1000 Projects Sales Management System 1.0. |
| CVE-2025-8935 | High | 7.3 | | 2025-08-14 | A vulnerability was found in 1000 Projects Sales Management System 1.0. |
| CVE-2025-8932 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in 1000 Projects Sales Management System 1.0. |
| CVE-2025-8934 | Medium | 4.3 | | 2025-08-14 | A vulnerability has been found in 1000 Projects Sales Management System 1.0. |
| CVE-2025-8933 | Medium | 4.3 | | 2025-08-14 | A vulnerability was identified in 1000 Projects Sales Management System 1.0. |

Campcodes · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8960 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. |
| CVE-2025-8957 | High | 7.3 | | 2025-08-14 | A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. |
| CVE-2025-8952 | High | 7.3 | | 2025-08-14 | A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. |
| CVE-2025-8950 | High | 7.3 | | 2025-08-14 | A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. |
| CVE-2025-8924 | High | 7.3 | | 2025-08-13 | A vulnerability was identified in Campcodes Online Water Billing System 1.0. |

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9026 | High | 7.3 | | 2025-08-15 | A vulnerability was identified in D-Link DIR-860L 2.04.B04. |
| CVE-2025-8949 | High | 7.2 | | 2025-08-14 | A vulnerability was identified in D-Link DIR-825 2.10. |
| CVE-2025-8978 | Medium | 6.6 | | 2025-08-14 | A vulnerability was determined in D-Link DIR-619L 6.02CN02. |
| CVE-2025-8956 | Medium | 6.3 | | 2025-08-14 | A vulnerability was found in D-Link DIR-818L up to 1.05B01. |
| CVE-2025-9003 | Low | 3.5 | | 2025-08-15 | A vulnerability has been found in D-Link DIR-818LW 1.04. |

F5 · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52585 | High | 7.5 | | 2025-08-13 | When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. |
| CVE-2025-46405 | High | 7.5 | | 2025-08-13 | When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. |
| CVE-2025-54809 | High | 7.4 | | 2025-08-13 | F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. |
| CVE-2025-54500 | Medium | 5.3 | | 2025-08-13 | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of T… |
| CVE-2025-53859 | Low | 3.7 | | 2025-08-13 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sen… |

Hortusfox · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-45317 | Medium | 6.5 | | 2025-08-13 | A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. |
| CVE-2025-45313 | Medium | 6.1 | | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter. |
| CVE-2025-45316 | Medium | 6.1 | | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter. |
| CVE-2025-45314 | Medium | 6.1 | | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function. |
| CVE-2025-45315 | Medium | 5.4 | | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parame… |

Labredescefetrj · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55168 | Critical | 9.8 | | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
| CVE-2025-55167 | Critical | 9.8 | | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
| CVE-2025-55171 | High | 7.5 | | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
| CVE-2025-55170 | Medium | 6.5 | | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
| CVE-2025-55169 | Medium | 6.5 | | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |

Nasm · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8846 | Medium | 5.3 | | 2025-08-11 | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. |
| CVE-2025-8845 | Medium | 5.3 | | 2025-08-11 | A vulnerability was identified in NASM Netwide Assembler 2.17rc0. |
| CVE-2025-8843 | Medium | 5.3 | | 2025-08-11 | A vulnerability was found in NASM Netwide Assembler 2.17rc0. |
| CVE-2025-8842 | Medium | 5.3 | | 2025-08-11 | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. |
| CVE-2025-8844 | Low | 3.3 | | 2025-08-11 | A vulnerability was determined in NASM Netwide Assembler 2.17rc0. |

Palo Alto Networks · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-2184 | | | | 2025-08-13 | A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. |
| CVE-2025-2183 | | | | 2025-08-13 | An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. |
| CVE-2025-2182 | | | | 2025-08-13 | A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). |
| CVE-2025-2181 | | | | 2025-08-13 | A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. |
| CVE-2025-2180 | | | | 2025-08-13 | An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma®… |

Unknown · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8047 | Critical | 9.8 | | 2025-08-14 | The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. |
| CVE-2025-6715 | Critical | 9.8 | | 2025-08-13 | The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. |
| CVE-2025-3414 | Medium | 5.4 | | 2025-08-14 | The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor r… |
| CVE-2025-6790 | Medium | 4.3 | | 2025-08-14 | The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
| CVE-2025-7965 | Medium | 4.3 | | 2025-08-11 | The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |

Yugabytedb Inc · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8866 | | | | 2025-08-11 | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. |
| CVE-2025-8865 | | | | 2025-08-11 | The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. |
| CVE-2025-8864 | | | | 2025-08-11 | Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs |
| CVE-2025-8863 | | | | 2025-08-11 | YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission |
| CVE-2025-8862 | | | | 2025-08-11 | YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. |

Abb · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53187 | Critical | 9.8 | | 2025-08-11 | Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. |
| CVE-2025-7679 | High | 8.1 | | 2025-08-11 | The ASPECT system allows users to bypass authentication. |
| CVE-2025-8754 | High | 7.5 | | 2025-08-13 | Missing Authentication for Critical Function vulnerability in ABB ABB AbilityTM zenon. This issue affects ABB AbilityTM zenon: from 7.50 through 14. |
| CVE-2025-7677 | Medium | 5.9 | | 2025-08-11 | A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. |

Crocoblock · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55714 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS. This issue affects JetElements For Elementor: from n/a through <= 2.7… |
| CVE-2025-54749 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS. This issue affects JetProductGallery: from n/a through <= 2.2.0.2. |
| CVE-2025-54688 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS. This issue affects JetEngine: from n/a through <= 3.7.1.2. |
| CVE-2025-54687 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through <= 2.2.9.1. |

Imagemagick · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55154 | High | 8.8 | | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
| CVE-2025-55004 | High | 7.6 | | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
| CVE-2025-55160 | Medium | 6.1 | | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
| CVE-2025-55005 | Medium | 5.5 | | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |

Mtons · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8992 | Medium | 4.3 | | 2025-08-15 | A vulnerability has been found in mtons mblog up to 3.5.0. |
| CVE-2025-9005 | Low | 3.7 | | 2025-08-15 | A vulnerability was determined in mtons mblog up to 3.5.0. |
| CVE-2025-9004 | Low | 3.7 | | 2025-08-15 | A vulnerability was found in mtons mblog up to 3.5.0. |
| CVE-2025-8927 | Low | 3.7 | | 2025-08-13 | A vulnerability was determined in mtons mblog up to 3.5.0. |

Netskope · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5942 | | | | 2025-08-14 | Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. |
| CVE-2025-5941 | | | | 2025-08-14 | Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. |
| CVE-2025-0309 | | | | 2025-08-14 | An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. |
| CVE-2024-7402 | | | | 2025-08-14 | Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communicati… |

Zkteco Co · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55280 | | | | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. |
| CVE-2025-55279 | | | | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. |
| CVE-2025-54465 | | | | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. |
| CVE-2025-54464 | | | | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. |

Apple · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8672 | High | 7.8 | | 2025-08-11 | MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. |
| CVE-2025-48500 | High | 7.3 | | 2025-08-13 | A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Softw… |
| CVE-2025-43201 | Medium | 6.2 | | 2025-08-15 | This issue was addressed with improved checks. |

Autodesk · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5048 | High | 7.8 | | 2025-08-15 | A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. |
| CVE-2025-5047 | High | 7.8 | | 2025-08-15 | A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. |
| CVE-2025-5046 | High | 7.8 | | 2025-08-15 | A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. |

Axis · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-3892 | Medium | 6.7 | | 2025-08-12 | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. |
| CVE-2025-30027 | Medium | 6.7 | | 2025-08-12 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. |
| CVE-2025-7622 | Medium | 5.7 | | 2025-08-12 | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. |

Bosch Rexroth Ag · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48860 | High | 8.0 | | 2025-08-14 | A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. |
| CVE-2025-48862 | High | 7.1 | | 2025-08-14 | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. |
| CVE-2025-48861 | Medium | 5.3 | | 2025-08-14 | A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps. |

Broadcom · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8660 | Critical | 9.8 | | 2025-08-11 | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. |
| CVE-2025-8661 | Medium | 6.1 | | 2025-08-11 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. |
| CVE-2025-9019 | Low | 3.1 | | 2025-08-15 | A vulnerability has been found in tcpreplay 4.5.1. |

Cherry-ai · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54074 | Critical | 9.8 | | 2025-08-13 | Cherry Studio is a desktop client that supports multiple LLM providers. |
| CVE-2025-54382 | Critical | 9.6 | | 2025-08-13 | Cherry Studio is a desktop client that supports multiple LLM providers. |
| CVE-2025-54063 | High | 8.0 | | 2025-08-11 | Cherry Studio is a desktop client that supports multiple LLM providers. |

Crm Perks · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54684 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact cf7-constant-contact allows Stored XSS. This issue affects Integration for C… |
| CVE-2025-54682 | Medium | 5.4 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: fr… |
| CVE-2025-54681 | Medium | 4.7 | | 2025-08-14 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: fr… |

Ibm · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-36124 | Medium | 5.9 | | 2025-08-12 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration |
| CVE-2025-36088 | Medium | 5.4 | | 2025-08-15 | IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. |
| CVE-2025-36000 | Medium | 4.4 | | 2025-08-12 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. |

Instar · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8760 | Critical | 9.8 | | 2025-08-13 | A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. |
| CVE-2025-8761 | High | 7.5 | | 2025-08-13 | A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. |
| CVE-2025-8762 | Medium | 6.8 | | 2025-08-13 | A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. |

Insyde Software · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-4410 | High | 7.5 | | 2025-08-13 | A buffer overflow vulnerability exists in the module SetupUtility. |
| CVE-2025-4277 | High | 7.5 | | 2025-08-13 | Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. |
| CVE-2025-4276 | High | 7.5 | | 2025-08-13 | UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. |

Jasper_project · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8837 | Medium | 5.3 | | 2025-08-11 | A vulnerability was identified in JasPer up to 4.2.5. |
| CVE-2025-8836 | Low | 3.3 | | 2025-08-11 | A vulnerability was determined in JasPer up to 4.2.5. |
| CVE-2025-8835 | Low | 3.3 | | 2025-08-11 | A vulnerability was found in JasPer up to 4.2.5. |

Liferay · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-43735 | Medium | 6.1 | | 2025-08-12 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7… |
| CVE-2025-43734 | Medium | 5.4 | | 2025-08-12 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024… |
| CVE-2025-43736 | Medium | 4.3 | | 2025-08-12 | A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13… |

Linlinjava · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8965 | Medium | 6.3 | | 2025-08-14 | A vulnerability has been found in linlinjava litemall up to 1.8.0. |
| CVE-2025-8991 | Medium | 4.3 | | 2025-08-15 | A vulnerability was identified in linlinjava litemall up to 1.8.0. |
| CVE-2025-8974 | Low | 3.7 | | 2025-08-14 | A vulnerability was determined in linlinjava litemall up to 1.8.0. |

Omnissa · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-25235 | High | 8.6 | | 2025-08-11 | Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. |
| CVE-2025-25231 | High | 7.5 | | 2025-08-11 | Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints. |
| CVE-2025-25229 | Medium | 5.4 | | 2025-08-11 | Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal networ… |

Oretnom23 · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9022 | High | 7.3 | | 2025-08-15 | A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. |
| CVE-2025-9021 | High | 7.3 | | 2025-08-15 | A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. |
| CVE-2025-8973 | High | 7.3 | | 2025-08-14 | A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. |

Portabilis · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8920 | Low | 2.4 | | 2025-08-13 | A vulnerability was identified in Portabilis i-Diario 1.6. |
| CVE-2025-8919 | Low | 2.4 | | 2025-08-13 | A vulnerability was determined in Portabilis i-Diario up to 1.6. |
| CVE-2025-8918 | Low | 2.4 | | 2025-08-13 | A vulnerability was found in Portabilis i-Educar up to 2.10. |

Stirlingpdf · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55161 | High | 8.6 | | 2025-08-11 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. |
| CVE-2025-55151 | High | 8.6 | | 2025-08-11 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. |
| CVE-2025-55150 | High | 8.6 | | 2025-08-11 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. |

Advanced_intrusion_detection_environment_project · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54409 | Medium | 6.2 | | 2025-08-14 | AIDE is an advanced intrusion detection environment. |
| CVE-2025-54389 | Medium | 6.2 | | 2025-08-14 | AIDE is an advanced intrusion detection environment. |

Amazon · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8904 | High | 8.5 | | 2025-08-13 | Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. |
| CVE-2025-9039 | Medium | 4.3 | | 2025-08-14 | We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incomi… |

Ami · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-22830 | Medium | 6.7 | | 2025-08-12 | APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. |
| CVE-2025-22834 | Medium | 4.2 | | 2025-08-12 | AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. |

Beeteam368 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-25174 | Critical | 10.0 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 E… |
| CVE-2025-25172 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through <= 1.9.4. |

Creativemindssolutions · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54727 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Stored XSS. This issue affects CM On Demand… |
| CVE-2025-54728 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a throug… |

Debian · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-38500 | High | 7.8 | | 2025-08-12 | In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_change… |
| CVE-2025-38499 | Medium | 5.5 | | 2025-08-11 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount w… |

Drupal · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8362 | Medium | 6.1 | | 2025-08-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS). This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. |
| CVE-2025-8996 | Medium | 4.3 | | 2025-08-15 | Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0. |

Fahadmahmood · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8046 | Medium | 6.1 | | 2025-08-14 | The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers |
| CVE-2025-7808 | Medium | 6.1 | | 2025-08-14 | The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin |

Firebirdsql · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-24975 | High | 7.1 | | 2025-08-15 | Firebird is a relational database. |
| CVE-2025-54989 | Medium | 5.3 | | 2025-08-15 | Firebird is a relational database. |

Givanz · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8976 | Low | 3.5 | | 2025-08-14 | A vulnerability has been found in givanz Vvveb up to 1.0.5. |
| CVE-2025-8975 | Low | 3.5 | | 2025-08-14 | A vulnerability was identified in givanz Vvveb up to 1.0.5. |

Goodlayers · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53342 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize modernize allows Stored XSS. This issue affects Modernize: from n/a through <= 3.4.0. |
| CVE-2025-53343 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through <= 3.4.0. |

Hashthemes · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54704 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through <=… |
| CVE-2025-54712 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. |

Helm · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55199 | Medium | 6.5 | | 2025-08-14 | Helm is a package manager for Charts for Kubernetes. |
| CVE-2025-55198 | Medium | 6.5 | | 2025-08-14 | Helm is a package manager for Charts for Kubernetes. |

Intel · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-33607 | Medium | 5.6 | | 2025-08-12 | Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2025-20090 | Medium | 5.5 | | 2025-08-12 | Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. |

Jishenghua · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8839 | Medium | 6.3 | | 2025-08-11 | A vulnerability was found in jshERP up to 3.5. |
| CVE-2025-8840 | Medium | 5.4 | | 2025-08-11 | A vulnerability was determined in jshERP up to 3.5. |

Kanboard · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55010 | Critical | 9.1 | | 2025-08-12 | Kanboard is project management software that focuses on the Kanban methodology. |
| CVE-2025-55011 | Medium | 6.4 | | 2025-08-12 | Kanboard is project management software that focuses on the Kanban methodology. |

Legion Of The Bouncy Castle Inc. · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8916 | | | | 2025-08-13 | Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. |
| CVE-2025-8885 | | | | 2025-08-12 | Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. |

Libcsp · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-51824 | Medium | 6.5 | | 2025-08-11 | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. |
| CVE-2025-51823 | Medium | 6.5 | | 2025-08-11 | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. |

Libtiff · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8851 | Medium | 5.3 | | 2025-08-11 | A vulnerability was determined in LibTIFF up to 4.5.1. |
| CVE-2025-8961 | Low | 3.3 | | 2025-08-14 | A weakness has been identified in LibTIFF 4.7.0. |

Lisensee · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52765 | High | 7.1 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a thr… |
| CVE-2025-52767 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plug… |

Mechrevo · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9016 | High | 7.0 | | 2025-08-15 | A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. |
| CVE-2025-9000 | High | 7.0 | | 2025-08-15 | A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. |

N-able · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8876 | High | 8.8 | KEV | 2025-08-14 | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1. |
| CVE-2025-8875 | High | 7.8 | KEV | 2025-08-14 | Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1. |

Nixos · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54864 | High | 7.5 | | 2025-08-12 | Hydra is a continuous integration service for Nix based projects. |
| CVE-2025-54800 | Medium | 6.1 | | 2025-08-12 | Hydra is a continuous integration service for Nix based projects. |

Posimyth · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55712 | Medium | 6.5 | | 2025-08-14 | Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus… |
| CVE-2025-54739 | Medium | 5.3 | | 2025-08-14 | Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through <= 4.5.4. |

Realmag777 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54707 | Critical | 9.3 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection. This issue affects MDTF: from n/a through <= 1.3.3.7. |
| CVE-2025-52732 | High | 8.8 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion. This issue affects GMap Targeting: from n/a t… |

Red Hat · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8941 | High | 7.8 | | 2025-08-13 | A flaw was found in linux-pam. |
| CVE-2023-5342 | Medium | 4.1 | | 2025-08-14 | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. |

Saad Iqbal · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54668 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS. This issue affects myCred: from n/a through <= 2.9.4.3. |
| CVE-2025-54667 | Medium | 5.3 | | 2025-08-14 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through <= 2.9.4.3. |

Themeatelier · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-30635 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro idonate-pro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through <=… |
| CVE-2025-30639 | High | 7.5 | | 2025-08-14 | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2.1.9. |

Themefunction · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52731 | High | 7.5 | | 2025-08-14 | Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager… |
| CVE-2025-52730 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS. This issue affects WordPress Event… |

Thememove · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54701 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through <= 2.6.3. |
| CVE-2025-54700 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through <= 1.8… |

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8938 | Medium | 6.3 | | 2025-08-14 | A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. |
| CVE-2025-8937 | Medium | 6.3 | | 2025-08-14 | A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. |

Unattributed · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55346 | Critical | 9.8 | | 2025-08-14 | User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. |
| CVE-2025-55345 | High | 8.8 | | 2025-08-13 | Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working direc… |

Vim · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55158 | High | 8.8 | | 2025-08-11 | Vim is an open source, command line text editor. |
| CVE-2025-55157 | High | 8.8 | | 2025-08-11 | Vim is an open source, command line text editor. |

Zoom · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49457 | Critical | 9.6 | | 2025-08-12 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access |
| CVE-2025-49456 | Medium | 6.2 | | 2025-08-12 | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. |

Zoomit · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-29014 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. |
| CVE-2025-28999 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. |

10up · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8482 | Medium | 4.3 | | 2025-08-12 | The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. |

2100 Technology · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8853 | Critical | 9.8 | | 2025-08-11 | Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. |

48hmorris · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7641 | High | 7.5 | | 2025-08-15 | The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and includin… |

51mis · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8908 | Medium | 6.3 | | 2025-08-13 | A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. |

5kcrm · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8852 | Medium | 4.3 | | 2025-08-11 | A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. |

Aa Web Servant · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54054 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through <= 3… |

Acato · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52716 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through <… |

Addix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8690 | Medium | 6.4 | | 2025-08-12 | The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. |

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8675 | High | 8.8 | | 2025-08-15 | Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6. |

Akcess-net · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7761 | | | | 2025-08-14 | Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). |

Alobaidi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8080 | Medium | 4.4 | | 2025-08-15 | The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. |

Alvind · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-31007 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form… |

Angeljudesuarez · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8925 | High | 7.3 | | 2025-08-13 | A vulnerability has been found in itsourcecode Sports Management System 1.0. |

Anwppro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8767 | Medium | 4.8 | | 2025-08-12 | The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. |

Apustheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53587 | High | 8.8 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through <= 1.3.57. |

Arraytics · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49869 | High | 8.8 | | 2025-08-14 | Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.0.31. |

Artiosmedia · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53581 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro rss-feed-pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through <= 1.1.8. |

Artkrylov · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7778 | Critical | 9.8 | | 2025-08-15 | The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. |

Ashanjay · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8091 | Medium | 4.3 | | 2025-08-15 | The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. |

Ashish · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-50029 | Medium | 6.5 | | 2025-08-14 | Missing Authorization vulnerability in Ashish AI Tools artificial-intelligence-auto-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Tools: from n/a through <= 4.0.7. |

Astoundify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54683 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS. This issue affects WP Modal… |

Authenticator_login_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8995 | Critical | 9.8 | | 2025-08-15 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.4. |

Auxilium · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-10038 | | | | 2025-08-11 | Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. |

Ays Pro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54673 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery. This issue affects Chartify: from n/a through <= 3.5.3. |

Backstage · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55285 | Low | 2.6 | | 2025-08-15 | @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. |

Bbioon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5391 | High | 8.1 | | 2025-08-12 | The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. |

Bcupham · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52771 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander video-expander allows Stored XSS. This issue affects Video Expander: from n/a through <= 1.0. |

Bestiadurmiente · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49065 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS. This issue affects Visit Counter: from n/a through <= 1.0. |

Biscia7 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49051 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS. This issue affects Hide Text Shortcode: from n/a through <= 1.1. |

Bitpressadmin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6679 | Critical | 9.8 | | 2025-08-15 | The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. |

Bobbingwide · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54671 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery. This issue affects oik: from n/a through <= 4.15.2. |

Boldgrid · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52712 | Medium | 4.2 | | 2025-08-14 | Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. |

Brainstorm Force · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54685 | Medium | 6.5 | | 2025-08-14 | Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash suredash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through <= 1.1.0. |

Brother Industries, Ltd · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8452 | Medium | 4.3 | | 2025-08-12 | By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. |

Bulletphysics · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8854 | Critical | 9.8 | | 2025-08-11 | Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or inv… |

Bunkerity · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8066 | | | | 2025-08-15 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2. |

Cartpauj · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54746 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through <= 1.0.02. |

Checkpoint · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-3831 | High | 8.1 | | 2025-08-12 | Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. |

Cleverreach® · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49059 | Critical | 9.3 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection. This issue affects CleverReach® WP: from n/a through <= 1.5.20. |

Cloud Infrastructure Services · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49264 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inc… |

Codeablepress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53221 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a thro… |

Codefuse · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-45146 | Critical | 9.8 | | 2025-08-11 | ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/data_manager.py. |

Comsndftp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-10055 | | | | 2025-08-13 | ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. |

Config_pages_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8361 | High | 7.6 | | 2025-08-15 | Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing. This issue affects Config Pages: from 0.0.0 before 2.18.0. |

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8092 | High | 7.6 | | 2025-08-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2… |

Cornfeed · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49062 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through <= 2.0.3. |

Creativethemeshq · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55713 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS. This issue affects Blocksy: from n/a through <= 2.1.6. |

Crmperks · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7384 | Critical | 9.8 | | 2025-08-13 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. |

Cytel Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-10015 | | | | 2025-08-13 | Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. |

Damian Góra · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-47444 | Medium | 5.3 | | 2025-08-12 | Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiboSearch: from n/a through <= 1.32.1. |

Dariolee · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49052 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through <= 3.2.1. |

Darylldoyle · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55166 | | | | 2025-08-12 | savg-sanitizer is a PHP SVG/XML sanitizer. |

Denoland · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55195 | High | 7.3 | | 2025-08-14 | @std/toml is the Deno Standard Library. |

Devitems · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54695 | Medium | 5.4 | | 2025-08-14 | Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through <= 2.9.0. |

Dj-extensions.com · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54474 | | | | 2025-08-15 | A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. |

Dmitry V. (Ceo Of "Ukr Solution") · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54715 | Medium | 4.9 | | 2025-08-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. |

Dogukanurker · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53631 | Medium | 5.4 | | 2025-08-14 | flaskBlog is a blog app built with Flask. |

Dolibarr Project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-10059 | | | | 2025-08-13 | Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. |

Dylan Kuhn · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-48293 | Critical | 9.8 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through <=… |

E-plugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54717 | Medium | 5.4 | | 2025-08-14 | Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.3. |

Ebernstein · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8688 | Medium | 6.4 | | 2025-08-12 | The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplie… |

Elementor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8081 | Medium | 4.9 | | 2025-08-12 | The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. |

Elinkcontent · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7507 | Medium | 6.4 | | 2025-08-15 | The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. |

Emarket-design · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8314 | Medium | 6.4 | | 2025-08-12 | The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. |

Emilien · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8685 | Medium | 6.4 | | 2025-08-12 | The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supp… |

Epiphyt · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54693 | Critical | 9.0 | | 2025-08-14 | Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through <= 1.5.5. |

Ether · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-40920 | High | 8.6 | | 2025-08-11 | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. |

Evigeo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7662 | Medium | 6.5 | | 2025-08-15 | The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficien… |

Expresstech Systems · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55708 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a thro… |

External-secrets · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55196 | | | | 2025-08-13 | External Secrets Operator is a Kubernetes operator that integrates external secret management systems. |

Eyecix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52806 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through < 3.0.8. |

Eyoucms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52335 | Medium | 6.1 | | 2025-08-14 | EyouCMS 1.7.3 is vulnerable to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. |

Fastly · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8671 | High | 7.5 | | 2025-08-13 | A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (D… |

Federico Rota · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49037 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer authentication-and-xmlrpc-log-writer allows Reflected XSS. This issue affects Authentic… |

File Manager · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-0818 | Medium | 6.5 | | 2025-08-13 | Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. |

Flexostudio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52769 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through <= 1.0006. |

Flowiseai · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8943 | Critical | 9.8 | | 2025-08-14 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. |

Foxit · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-32451 | High | 8.8 | | 2025-08-13 | A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. |

Fwdesign · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49432 | Medium | 5.3 | | 2025-08-15 | Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through <= 10.1. |

Gelbphoenix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55165 | High | 8.2 | | 2025-08-12 | Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. |

Glboy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8342 | High | 8.1 | | 2025-08-15 | The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8… |

Google · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8747 | High | 7.8 | | 2025-08-11 | A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive. |

Gopiplus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49897 | High | 8.8 | | 2025-08-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. |

Gravitywp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49271 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion. This issue affects GravityWP - M… |

H3c · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8907 | High | 7.0 | | 2025-08-13 | A vulnerability was found in H3C M2 NAS V100R006. |

Hakeemnala · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53249 | Medium | 6.5 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through <= 1.0.23. |

Hashicorp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8959 | High | 7.5 | | 2025-08-15 | HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. |

Hassantafreshi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54678 | Critical | 9.3 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through <= 3… |

Helmetjs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55164 | | | | 2025-08-12 | content-security-policy-parser parses content security policy directives. |

Highwarden · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52720 | Critical | 9.3 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection. This issue affects Super Store Finder: from n/a through <= 7.5. |

Hp Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-5477 | | | | 2025-08-13 | A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that re… |

Hp, Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-43490 | | | | 2025-08-15 | A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. |

Hyland Software · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-34153 | | | | 2025-08-13 | Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. |

I3geek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49063 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6. |

Imithemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-39483 | Medium | 6.5 | | 2025-08-14 | Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection. This issue affects Eventer: from n/a through < 3.9.9.1. |

Infosoftplugin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52820 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection. This issue affects WooCommerce Point Of Sale (PO… |

Inpersttion · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8905 | Medium | 6.3 | | 2025-08-15 | The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. |

Inspectlet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49048 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-recording allows Stored XSS. This issue a… |

Iqonicdesign · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8867 | Medium | 6.4 | | 2025-08-15 | The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. |

Jason-lau · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-7688 | Medium | 6.1 | | 2025-08-15 | The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. |

Jcg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8834 | Low | 2.4 | | 2025-08-11 | A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. |

Jeecg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8963 | Medium | 6.3 | | 2025-08-14 | A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. |

Johnh10 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-47689 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through <= 1.2. |

Joomsky.com · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54475 | | | | 2025-08-15 | A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. |

Jordy Meow · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54672 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through <= 6.4.3. |

Josepsitjar · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52797 | High | 8.2 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection. This issue affects StoryMap: from n/a through <= 2.1. |

Jurajnyiri · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55192 | | | | 2025-08-14 | HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. |

Kadesthemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49053 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager airdrop allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through <= 1.0.5. |

Kamleshyadav · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-31425 | High | 7.5 | | 2025-08-14 | Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through < 2.6. |

Keeross · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49047 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync do-spaces-sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync: from n/a through <= 2.2.1. |

Keywordrush · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-47536 | High | 7.2 | | 2025-08-14 | Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection. This issue affects Content Egg: from n/a through <= 7.0.0. |

Ko Min · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49057 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS. This issue affects WP Voting: from n/a through <= 1.8. |

Kodeshpa · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53241 | Medium | 5.5 | | 2025-08-14 | Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through <= 1.0.11. |

Laborator · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53347 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through <= 3.18.3. |

Lambertgroup · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30626 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS. T… |

Lattice Semiconductor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2012-10057 | | | | 2025-08-13 | Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. |

Lcweb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52721 | Medium | 6.5 | | 2025-08-14 | Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. |

Lemonos · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-9001 | Medium | 5.3 | | 2025-08-15 | A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. |

Litonice13 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8874 | Medium | 6.4 | | 2025-08-12 | The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8… |

Made I.t. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-24775 | Critical | 9.9 | | 2025-08-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. |

Magepeopleteam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54705 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through <= 4.4.6. |

Makeplane · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55203 | Medium | 5.4 | | 2025-08-15 | Plane is open-source project management software. |

Masacms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32640 | Critical | 9.8 | | 2025-08-11 | MASA CMS is an Enterprise Content Management platform based on open source technology. |

Masteriyo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54699 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through <= 1.18.3. |

Metagauss · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49033 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection. This issue affects ProfileGrid : from… |

Michael Nelson · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54740 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS. This issue affects Print My Blog: from n/a through <= 3.27.9. |

Mklacroix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54674 | Medium | 5.4 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a thro… |

Morehawes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8720 | Medium | 6.4 | | 2025-08-15 | The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. |

Moshensky · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-50040 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Stored XSS. This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2. |

Motov.net · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54702 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through <= 5.8013. |

Mrdenny · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49054 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through <= 2.1.3. |

Msoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-9060 | Critical | 9.1 | | 2025-08-15 | A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. |

Mybb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10018 | Critical | 9.8 | | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. |

Nasa · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54878 | High | 8.6 | | 2025-08-11 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. |

Netop · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10012 | | | | 2025-08-13 | NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. |

Netty · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55163 | High | 7.5 | | 2025-08-13 | Netty is an asynchronous, event-driven network application framework. |

Nikelschubert · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8491 | Medium | 4.3 | | 2025-08-13 | The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. |

Nimeshrmr · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-4390 | Medium | 5.3 | | 2025-08-12 | The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. |

Noor Alam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54706 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through <=… |

Nordicmade · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54736 | Medium | 5.3 | | 2025-08-14 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through <= 3.0.8. |

Oceanwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8891 | Medium | 4.3 | | 2025-08-13 | The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. |

Octagonwebstudio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49036 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion. This… |

Odn · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8621 | Medium | 6.4 | | 2025-08-12 | The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. |

Ome · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54791 | Medium | 5.3 | | 2025-08-13 | OMERO.web provides a web based client and plugin infrastructure. |

Openfiler · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2012-10040 | | | | 2025-08-11 | Openfiler v2.x contains a command injection vulnerability in the system.html page. |

Oppo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-27388 | | | | 2025-08-14 | Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. |

Ovatheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52823 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through <= 1.16.8. |

Pareto Digital · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54730 | Medium | 5.3 | | 2025-08-14 | Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews embedder-for-google-reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through… |

Part-db · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55194 | Medium | 5.7 | | 2025-08-13 | Part-DB is an open source inventory management system for electronic components. |

Passwordprotectwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-5998 | Medium | 6.5 | | 2025-08-14 | The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows putting the site content behind a password authorization; however, users with subscriber or greater roles can view content via the REST API. |

Perteus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49061 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed porn-videos-embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through <= 0.9.1. |

Phoca.cz · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54473 | | | | 2025-08-15 | An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. |

Phoenix Contact · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-41686 | High | 7.8 | | 2025-08-12 | A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. |

Php Volunteer Management · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2012-10056 | | | | 2025-08-13 | PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. |

Phptax · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2012-10037 | | | | 2025-08-11 | PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. |

Pl4g4 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53219 | Medium | 5.4 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools wp-database-optimizer-tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through <= 0.2. |

Prabode · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8568 | Medium | 6.4 | | 2025-08-12 | The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. |

Pressforward · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-28987 | Medium | 6.4 | | 2025-08-14 | Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5. |

Primersoftware · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-53575 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/… |

Princeahmed · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54703 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through <= 1.5.2. |

Publishpress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-48332 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion. This issue affects Gutenberg Blocks… |

Px4 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-9020 | Medium | 4.5 | | 2025-08-15 | A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. |

Py-pdf · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55197 | High | 7.5 | | 2025-08-13 | pypdf is a free and open-source pure-python PDF library. |

Pyload · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55156 | | | | 2025-08-11 | pyLoad is the free and open-source Download Manager written in pure Python. |

Quicksharehq · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10010 | | | | 2025-08-13 | QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. |

Quttera · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8013 | Low | 3.8 | | 2025-08-15 | The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. |

Rabidhamster · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2012-10058 | | | | 2025-08-13 | RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. |

Radiustheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54698 | Medium | 5.4 | | 2025-08-14 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection. This issue affects Classified Listing: from n/a through <= 5.0.0. |

Railmedia · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-6025 | High | 7.5 | | 2025-08-15 | The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. |

Rails · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-55193 | | | | 2025-08-13 | Active Record connects classes to relational database tables. |

Realnetworks Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10016 | | | | 2025-08-13 | Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. |

Redqteam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-28975 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison… |

Rico Macchi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-30998 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection. This issue affects WP Links Page: from n/a through <= 4.9.6. |

Risetheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8462 | Medium | 6.4 | | 2025-08-12 | The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output… |

Risk Yazılım Teknolojileri Ltd. Şti. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-1929 | High | 7.2 | | 2025-08-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. |

Romancode · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54669 | Critical | 9.3 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection. This issue affects MapSVG: from n/a through < 8.7.4. |

Ronik@unlimitedwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52775 | High | 7.1 | | 2025-08-14 | Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through <… |

Ruoyi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-8847 | Low | 3.5 | | 2025-08-11 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. |

Russell Jamieson · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52788 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS. This issue affects CaptionPix: from n/a through <= 1.8. |

S40 Cms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10009 | | | | 2025-08-13 | S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. |

Sa-mp Team · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2011-10014 | | | | 2025-08-13 | GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. |

Sap · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-42936 | Medium | 5.4 | | 2025-08-12 | The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, le… |

Scriptsbundle · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54686 | Critical | 9.8 | | 2025-08-14 | Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2. |

Seagate · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-9043 | | | | 2025-08-14 | The service executable path in Seagate Toolkit on versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. |

Servicenow · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-3089 | | | | 2025-08-12 | ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. |

Setriosoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-7650 | High | 7.5 | | 2025-08-15 | The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. |

Shabti Kaplan · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49267 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection. This issue affects Frontend Admin by Dyna… |

Shahjada · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-54732 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through <= 6.0.2. |

Shen2 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49056 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS. This issue affects 多说社会化评论框: from n/a through <= 1.2. |

Soflyy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49038 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through <= 1.0.1. |

Softnwords · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-52785 | High | 7.1 | | 2025-08-14 | Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through <= 6.0.31. |

Solarwinds · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-26398 | Medium | 5.6 | | 2025-08-12 | SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. |

Sound Strategies · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-49058 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search soundst-seo-search allows Reflected XSS. This issue affects SoundSt SEO Search: from n/a through <= 1… |

Sparklewpthemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54680 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Blogger Buzz blogger-buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through <= 1.2.6. |

Spreecommerce · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-10019 | Critical | 9.8 | | 2025-08-13 | Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. |

Stefanoai · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-28962 | Medium | 6.5 | | 2025-08-14 | Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal A… |

Stellarwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54697 | High | 7.2 | | 2025-08-14 | Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. |

Steve Burge · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55710 | Medium | 4.3 | | 2025-08-14 | Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through <= 3.37.2. |

Stmcan · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-32288 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows PHP Local File Inclusion. This issue affects RT-Theme 18 \| Exten… |

Stylemix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54691 | Medium | 5.3 | | 2025-08-14 | Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through… |

Surbowl · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9002 | High | 7.3 | | 2025-08-15 | A vulnerability was identified in Surbowl dormitory-management-php 1.0. |

Syedamirhussain91 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-50031 | Medium | 6.5 | | 2025-08-14 | Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through <= 6.0. |

Symmetrix Technologies · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-10017 | | | | 2025-08-13 | Snort Report versions < 1.3.2 contain a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. |

Synergetic Data Systems Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-34154 | | | | 2025-08-13 | UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. |

Sysax · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-10060 | Critical | 9.8 | | 2025-08-13 | Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. |

Techlabpro1 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-5844 | Medium | 6.4 | | 2025-08-15 | The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. |

Telstra · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54992 | | | | 2025-08-11 | OpenKilda is an open-source OpenFlow controller. |

Thanhd · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49433 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through <= 1.1. |

Thembay · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54689 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.7. |

Themestek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54690 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through <= 4.2. |

Themeum · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6184 | High | 8.8 | | 2025-08-13 | The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0… |

Themovation · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53341 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App, SaaS & Software Startup Tech Them… |

Thimpress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-28979 | High | 8.1 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. |

Tianocore · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-38805 | Medium | 6.3 | | 2025-08-12 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. |

Tokio-rs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55159 | | | | 2025-08-11 | slab is a pre-allocated storage for a uniform data type. |

Tosend.it · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49044 | High | 7.1 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS. This issue affects Simple Poll: from n/a through <= 1.1.1. |

Traq Project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-10013 | | | | 2025-08-13 | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. |

Uicore · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6253 | High | 7.5 | | 2025-08-12 | The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insu… |

Umbraco · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-10054 | Critical | 9.8 | | 2025-08-13 | Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. |

Unity Business Technology Pty Ltd · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52800 | High | 7.3 | | 2025-08-14 | Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. |

Valvepress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-39510 | High | 8.5 | | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a throu… |

Vcita · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54676 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Stored XSS. This issue affects Online… |

Veronalabs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55716 | Medium | 4.3 | | 2025-08-14 | Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through <= 14.15. |

Vertim · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54679 | High | 7.5 | | 2025-08-14 | Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customi… |

Villatheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-30993 | Medium | 6.5 | | 2025-08-14 | Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer… |

Visual Composer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55709 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS. This issue affects Visual Composer Website Builder: from… |

Vonstroheim · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52801 | High | 7.3 | | 2025-08-14 | Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through <= 1.4.4. |

Webba Appointment Booking · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54729 | Medium | 5.9 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Stored XSS. This issue affects Webba Booking: from n/a through <= 6.0.5. |

Webcodingplace · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-52728 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion. This issue… |

Webid · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2011-10011 | | | | 2025-08-13 | WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. |

Webilop · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49064 | High | 7.1 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS. This issue affects User Language Switch: from n/a through <= 1.6.1… |

Wetail · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-47610 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Stored XSS. This issue affects WooCommerce Fortnox Integrati… |

Winterchens · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8838 | High | 7.3 | | 2025-08-11 | A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. |

Wipeoutmedia · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-3703 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion. This issue affects CSS &… |

Withastro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55207 | | | | 2025-08-15 | Astro is a web framework for content-driven websites. |

Wordlift · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53582 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift wordlift allows Stored XSS. This issue affects WordLift: from n/a through <= 3.54.5. |

Worstguy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49437 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS. This issue affects WP LOL Rotation: from n/a through <= 1.0. |

Wp Swings · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54692 | High | 7.5 | | 2025-08-14 | Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through <= 2.9.0. |

Wp Table Builder · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55711 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Stored XSS. This issue affects WP Table Builder: from n/a through <= 2.0.12. |

Wpbakery · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54747 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through <= 2.3.0. |

Wpbits · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-37945 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS. This issue affects WPBITS Addons For Elemen… |

Wpdevteam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8451 | Medium | 6.4 | | 2025-08-15 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due t… |

Wpestate · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-53330 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals wprentals allows Stored XSS. This issue affects WP Rentals: from n/a through <= 3.16.1. |

Wpfactory · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49887 | Critical | 9.9 | | 2025-08-14 | Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for Wo… |

Wpfunnels · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54696 | Medium | 6.5 | | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels allows Stored XSS. This issue affects WPFunnels: from n/a through <= 3.5.26. |

Wproyal · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-24766 | High | 7.5 | | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion. This issue affects News Magazine X: from n/a t… |

Wptb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8604 | Medium | 6.4 | | 2025-08-15 | The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output… |

Wulkano · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7961 | | | | 2025-08-15 | Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0. |

Xolluteon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-49898 | High | 7.6 | | 2025-08-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS. This issue affects Dropshix: from n/a through 4.0.14. |

Yithemes · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54675 | Medium | 4.3 | | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0. |

Youki-dev · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54867 | High | 7.0 | | 2025-08-14 | Youki is a container runtime written in Rust. |

Zed-industries · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55012 | | | | 2025-08-11 | Zed is a multiplayer code editor. |

Zen Load Balancer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-10039 | | | | 2025-08-11 | ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. |

Zlt2000 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8841 | Medium | 6.3 | | 2025-08-11 | A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. |

Zte · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-26709 | Medium | 5.7 | | 2025-08-15 | There is an unauthorized access vulnerability in ZTE F50. |