Patch Tuesday — August 2025
2025-08-12 · 993 CVEs
CVEs published or modified the week of 2025-08-12, partitioned by vendor.
Microsoft (151 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53766 | Critical | 9.8 | — | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
CVE-2025-50165 | Critical | 9.8 | — | 2025-08-12 | Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
CVE-2025-50171 | Critical | 9.1 | — | 2025-08-12 | Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-8901 | High | 8.8 | — | 2025-08-13 | Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. |
CVE-2025-8882 | High | 8.8 | — | 2025-08-13 | Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. |
CVE-2025-8880 | High | 8.8 | — | 2025-08-13 | Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2025-8879 | High | 8.8 | — | 2025-08-13 | Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. |
CVE-2025-53778 | High | 8.8 | — | 2025-08-12 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53772 | High | 8.8 | — | 2025-08-12 | Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. |
CVE-2025-53727 | High | 8.8 | — | 2025-08-12 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53145 | High | 8.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
CVE-2025-53144 | High | 8.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
CVE-2025-53143 | High | 8.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network. |
CVE-2025-53131 | High | 8.8 | — | 2025-08-12 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. |
CVE-2025-50163 | High | 8.8 | — | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
CVE-2025-49759 | High | 8.8 | — | 2025-08-12 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-49758 | High | 8.8 | — | 2025-08-12 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-49757 | High | 8.8 | — | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
CVE-2025-49712 | High | 8.8 | — | 2025-08-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-47954 | High | 8.8 | — | 2025-08-12 | Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-24999 | High | 8.8 | — | 2025-08-12 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53784 | High | 8.4 | — | 2025-08-12 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-53740 | High | 8.4 | — | 2025-08-12 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-53733 | High | 8.4 | — | 2025-08-12 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-53731 | High | 8.4 | — | 2025-08-12 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-50177 | High | 8.1 | — | 2025-08-12 | Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network. |
CVE-2025-53720 | High | 8.0 | — | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2025-50164 | High | 8.0 | — | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2025-50162 | High | 8.0 | — | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2025-50160 | High | 8.0 | — | 2025-08-12 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
CVE-2025-49707 | High | 7.9 | — | 2025-08-12 | Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
CVE-2025-23304 | High | 7.8 | — | 2025-08-13 | NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. |
CVE-2025-23303 | High | 7.8 | — | 2025-08-13 | NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. |
CVE-2025-54232 | High | 7.8 | — | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54231 | High | 7.8 | — | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54230 | High | 7.8 | — | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54229 | High | 7.8 | — | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54222 | High | 7.8 | — | 2025-08-12 | Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54226 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54225 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54224 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54223 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54221 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54220 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54219 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54218 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54217 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54216 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54215 | High | 7.8 | — | 2025-08-12 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54213 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54212 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54211 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54210 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54209 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54208 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54207 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-54206 | High | 7.8 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49570 | High | 7.8 | — | 2025-08-12 | Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49561 | High | 7.8 | — | 2025-08-12 | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-53789 | High | 7.8 | — | 2025-08-12 | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
CVE-2025-53773 | High | 7.8 | — | 2025-08-12 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
CVE-2025-53761 | High | 7.8 | — | 2025-08-12 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
CVE-2025-53759 | High | 7.8 | — | 2025-08-12 | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-53741 | High | 7.8 | — | 2025-08-12 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-53739 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-53738 | High | 7.8 | — | 2025-08-12 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2025-53737 | High | 7.8 | — | 2025-08-12 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-53735 | High | 7.8 | — | 2025-08-12 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
CVE-2025-53734 | High | 7.8 | — | 2025-08-12 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
CVE-2025-53732 | High | 7.8 | — | 2025-08-12 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
CVE-2025-53730 | High | 7.8 | — | 2025-08-12 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
CVE-2025-53729 | High | 7.8 | — | 2025-08-12 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
CVE-2025-53726 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
CVE-2025-53725 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
CVE-2025-53724 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
CVE-2025-53723 | High | 7.8 | — | 2025-08-12 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
CVE-2025-53155 | High | 7.8 | — | 2025-08-12 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
CVE-2025-53154 | High | 7.8 | — | 2025-08-12 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-53152 | High | 7.8 | — | 2025-08-12 | Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. |
CVE-2025-53151 | High | 7.8 | — | 2025-08-12 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2025-53149 | High | 7.8 | — | 2025-08-12 | Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. |
CVE-2025-53141 | High | 7.8 | — | 2025-08-12 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-53133 | High | 7.8 | — | 2025-08-12 | Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. |
CVE-2025-53132 | High | 7.8 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
CVE-2025-50176 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. |
CVE-2025-50173 | High | 7.8 | — | 2025-08-12 | Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. |
CVE-2025-50170 | High | 7.8 | — | 2025-08-12 | Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
CVE-2025-50168 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
CVE-2025-50155 | High | 7.8 | — | 2025-08-12 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
CVE-2025-50153 | High | 7.8 | — | 2025-08-12 | Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. |
CVE-2025-49761 | High | 7.8 | — | 2025-08-12 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2025-49564 | High | 7.8 | — | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49563 | High | 7.8 | — | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-53781 | High | 7.7 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. |
CVE-2025-53793 | High | 7.5 | — | 2025-08-12 | Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
CVE-2025-53783 | High | 7.5 | — | 2025-08-12 | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. |
CVE-2025-53722 | High | 7.5 | — | 2025-08-12 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. |
CVE-2025-50169 | High | 7.5 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network. |
CVE-2025-33051 | High | 7.5 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. |
CVE-2025-50161 | High | 7.3 | — | 2025-08-12 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
CVE-2025-50159 | High | 7.3 | — | 2025-08-12 | Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally. |
CVE-2025-53779 | High | 7.2 | — | 2025-08-12 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53760 | High | 7.1 | — | 2025-08-12 | Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53788 | High | 7.0 | — | 2025-08-12 | Time-of-check time-of-use (TOCTOU) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
CVE-2025-53721 | High | 7.0 | — | 2025-08-12 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. |
CVE-2025-53718 | High | 7.0 | — | 2025-08-12 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-53147 | High | 7.0 | — | 2025-08-12 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-53142 | High | 7.0 | — | 2025-08-12 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
CVE-2025-53140 | High | 7.0 | — | 2025-08-12 | Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally. |
CVE-2025-53137 | High | 7.0 | — | 2025-08-12 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-53135 | High | 7.0 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. |
CVE-2025-53134 | High | 7.0 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-50167 | High | 7.0 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
CVE-2025-50158 | High | 7.0 | — | 2025-08-12 | Time-of-check time-of-use (TOCTOU) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally. |
CVE-2025-49762 | High | 7.0 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2025-53736 | Medium | 6.8 | — | 2025-08-12 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
CVE-2025-49751 | Medium | 6.8 | — | 2025-08-12 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
CVE-2025-49743 | Medium | 6.7 | — | 2025-08-12 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
CVE-2025-48807 | Medium | 6.7 | — | 2025-08-12 | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
CVE-2025-8881 | Medium | 6.5 | — | 2025-08-13 | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. |
CVE-2025-53728 | Medium | 6.5 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
CVE-2025-53716 | Medium | 6.5 | — | 2025-08-12 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. |
CVE-2025-50172 | Medium | 6.5 | — | 2025-08-12 | Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network. |
CVE-2025-50166 | Medium | 6.5 | — | 2025-08-12 | Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. |
CVE-2025-50154 | Medium | 6.5 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-25005 | Medium | 6.5 | — | 2025-08-12 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. |
CVE-2025-53719 | Medium | 5.7 | — | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
CVE-2025-53153 | Medium | 5.7 | — | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
CVE-2025-53148 | Medium | 5.7 | — | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
CVE-2025-53138 | Medium | 5.7 | — | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
CVE-2025-50157 | Medium | 5.7 | — | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
CVE-2025-50156 | Medium | 5.7 | — | 2025-08-12 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. |
CVE-2025-54238 | Medium | 5.5 | — | 2025-08-12 | Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54233 | Medium | 5.5 | — | 2025-08-12 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54228 | Medium | 5.5 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54227 | Medium | 5.5 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54214 | Medium | 5.5 | — | 2025-08-12 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-49562 | Medium | 5.5 | — | 2025-08-12 | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-53769 | Medium | 5.5 | — | 2025-08-12 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
CVE-2025-53156 | Medium | 5.5 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally. |
CVE-2025-53136 | Medium | 5.5 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. |
CVE-2025-49568 | Medium | 5.5 | — | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-49567 | Medium | 5.5 | — | 2025-08-12 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2025-49745 | Medium | 5.4 | — | 2025-08-12 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-36047 | Medium | 5.3 | — | 2025-08-14 | IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. |
CVE-2025-33142 | Medium | 5.3 | — | 2025-08-14 | IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. |
CVE-2025-25007 | Medium | 5.3 | — | 2025-08-12 | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-25006 | Medium | 5.3 | — | 2025-08-12 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-53765 | Medium | 4.4 | — | 2025-08-12 | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. |
CVE-2025-49755 | Medium | 4.3 | — | 2025-08-12 | User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
CVE-2025-49736 | Medium | 4.3 | — | 2025-08-12 | The UI performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. |
Other vendors (842 CVEs across 348 vendors)
N/a · 110 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-50518 | Critical | 9.8 | — | 2025-08-14 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. |
CVE-2025-27845 | Critical | 9.8 | — | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. |
CVE-2025-43984 | Critical | 9.8 | — | 2025-08-14 | An issue was discovered on KuWFi GC111 devices (Hardware Version: CPE-LM321_V3.2, Software Version: GC111-GL-LM321_V3.0_20191211). |
CVE-2025-43986 | Critical | 9.8 | — | 2025-08-13 | An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. |
CVE-2025-43982 | Critical | 9.8 | — | 2025-08-13 | Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. |
CVE-2025-52385 | Critical | 9.8 | — | 2025-08-13 | An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module. |
CVE-2025-51451 | Critical | 9.8 | — | 2025-08-13 | In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
CVE-2025-50594 | Critical | 9.8 | — | 2025-08-13 | An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password. |
CVE-2025-51452 | Critical | 9.8 | — | 2025-08-13 | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. |
CVE-2025-43983 | Critical | 9.1 | — | 2025-08-14 | KuWFi CPF908-CP5 WEB5.0_LCD_20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform_set_cmd_process and goform/goform_get_cmd_process. |
CVE-2025-50251 | Critical | 9.1 | — | 2025-08-13 | Server side request forgery (SSRF) vulnerability in makeplane plane 0.23.1 via the password recovery. |
CVE-2024-53946 | High | 8.8 | — | 2025-08-14 | The KuWFi 4G LTE AC900 router 1.0.13 is vulnerable to Cross-Site Request Forgery (CSRF) on its web management interface. |
CVE-2024-53945 | High | 8.8 | — | 2025-08-14 | The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. |
CVE-2025-8715 | High | 8.8 | — | 2025-08-14 | Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-comm… |
CVE-2025-8714 | High | 8.8 | — | 2025-08-14 | Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-… |
CVE-2025-24325 | High | 8.8 | — | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20093 | High | 8.2 | — | 2025-08-12 | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-22889 | High | 7.9 | — | 2025-08-12 | Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-25273 | High | 7.8 | — | 2025-08-12 | Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-24486 | High | 7.8 | — | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-24484 | High | 7.8 | — | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-24303 | High | 7.8 | — | 2025-08-12 | Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-22893 | High | 7.8 | — | 2025-08-12 | Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-22836 | High | 7.8 | — | 2025-08-12 | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20109 | High | 7.8 | — | 2025-08-12 | Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20074 | High | 7.8 | — | 2025-08-12 | Time-of-check Time-of-use race condition for some Intel(R) Connectivity Performance Suite software installers before version 40.24.11210 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-51986 | High | 7.5 | — | 2025-08-14 | An issue was discovered in the demo/LINUXTCP implementation of cwalter-at freemodbus v.2018-09-12 allowing attackers to reach an infinite loop via a crafted length value for a packet. |
CVE-2023-43692 | High | 7.5 | — | 2025-08-14 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). |
CVE-2025-43988 | High | 7.5 | — | 2025-08-13 | KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint (ajax_get.cgi), allowing remote attackers to retrieve sensitive configuration data, including admin credentials. |
CVE-2025-50617 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. |
CVE-2025-50616 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. |
CVE-2025-50615 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. |
CVE-2025-50614 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. |
CVE-2025-50613 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. |
CVE-2025-50612 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. |
CVE-2025-50611 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. |
CVE-2025-50610 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. |
CVE-2025-50609 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. |
CVE-2025-50608 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. |
CVE-2025-50635 | High | 7.5 | — | 2025-08-13 | A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. |
CVE-2025-22839 | High | 7.5 | — | 2025-08-12 | Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. |
CVE-2025-21086 | High | 7.5 | — | 2025-08-12 | Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. |
CVE-2025-22840 | High | 7.4 | — | 2025-08-12 | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20625 | High | 7.4 | — | 2025-08-12 | Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
CVE-2025-23241 | High | 7.3 | — | 2025-08-12 | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2025-32086 | High | 7.2 | — | 2025-08-12 | Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via loca… |
CVE-2025-26403 | High | 7.2 | — | 2025-08-12 | Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R) 6 processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-24305 | High | 7.2 | — | 2025-08-12 | Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-20053 | High | 7.2 | — | 2025-08-12 | Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-20037 | High | 7.2 | — | 2025-08-12 | Time-of-check time-of-use race condition in firmware for some Intel(R) Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-27717 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-27559 | Medium | 6.7 | — | 2025-08-12 | Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-26470 | Medium | 6.7 | — | 2025-08-12 | Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-26404 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for some Intel(R) DSA software before version 25.2.15.9 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-24923 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path in some Intel(R) AI for Enterprise Retrieval-augmented Generation software may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-24302 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-22838 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-21093 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path element for some Intel(R) Driver & Support Assistant Tool software before version 24.6.49.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20627 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20099 | Medium | 6.7 | — | 2025-08-12 | Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20092 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for some Clock Jitter Tool software before version 6.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20087 | Medium | 6.7 | — | 2025-08-12 | Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20048 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20023 | Medium | 6.7 | — | 2025-08-12 | Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-20017 | Medium | 6.7 | — | 2025-08-12 | Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-24921 | Medium | 6.6 | — | 2025-08-12 | Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
CVE-2025-50861 | Medium | 6.5 | — | 2025-08-14 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 contains an exported component, PushDeepLinkActivity, which is accessible without authentication via ADB or malicious apps. |
CVE-2023-43687 | Medium | 6.5 | — | 2025-08-14 | An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). |
CVE-2025-50515 | Medium | 6.5 | — | 2025-08-14 | An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded. |
CVE-2023-43683 | Medium | 6.5 | — | 2025-08-14 | An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). |
CVE-2025-43989 | Medium | 6.5 | — | 2025-08-13 | The /goform/formJsonAjaxReq POST endpoint of Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices mishandles the set_timesetting action with the ntpserver0 parameter, which is used in a system command. |
CVE-2025-50946 | Medium | 6.5 | — | 2025-08-13 | OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. |
CVE-2025-24835 | Medium | 6.5 | — | 2025-08-12 | Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2025-24515 | Medium | 6.5 | — | 2025-08-12 | NULL pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2025-24323 | Medium | 6.5 | — | 2025-08-12 | Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-21090 | Medium | 6.5 | — | 2025-08-12 | Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2025-51965 | Medium | 6.1 | — | 2025-08-14 | OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface. |
CVE-2025-51691 | Medium | 6.1 | — | 2025-08-13 | Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. |
CVE-2025-50690 | Medium | 6.1 | — | 2025-08-13 | A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). |
CVE-2025-24296 | Medium | 6.0 | — | 2025-08-12 | Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. |
CVE-2025-20067 | Medium | 6.0 | — | 2025-08-12 | Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access. |
CVE-2025-50862 | Medium | 5.9 | — | 2025-08-14 | The Lotus Cars Android app (com.lotus.carsdomestic.intl) 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. |
CVE-2025-24840 | Medium | 5.8 | — | 2025-08-12 | Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
CVE-2025-26472 | Medium | 5.7 | — | 2025-08-12 | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
CVE-2025-27537 | Medium | 5.5 | — | 2025-08-12 | Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
CVE-2025-50817 | Medium | 5.4 | — | 2025-08-14 | A vulnerability in the Python-Future 1.0.0 module allows for arbitrary code execution via the unintended import of a file named test.py. |
CVE-2025-52392 | Medium | 5.4 | — | 2025-08-13 | Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. |
CVE-2025-52386 | Medium | 5.4 | — | 2025-08-13 | CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. |
CVE-2025-20077 | Medium | 5.3 | — | 2025-08-12 | Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via local access. |
CVE-2023-43694 | Medium | 5.2 | — | 2025-08-14 | An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). |
CVE-2025-24313 | Medium | 4.4 | — | 2025-08-12 | Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. |
CVE-2025-22392 | Medium | 4.4 | — | 2025-08-12 | Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. |
CVE-2025-20025 | Medium | 4.4 | — | 2025-08-12 | Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access. |
CVE-2025-27847 | Medium | 4.3 | — | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. |
CVE-2025-27846 | Medium | 4.3 | — | 2025-08-14 | In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. |
CVE-2025-20044 | Medium | 4.1 | — | 2025-08-12 | Improper locking for some Intel(R) TDX Module firmware before version 1.5.13 may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-32004 | Low | 3.9 | — | 2025-08-12 | Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-26863 | Low | 3.8 | — | 2025-08-12 | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. |
CVE-2025-27250 | Low | 3.5 | — | 2025-08-12 | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
CVE-2025-24523 | Low | 3.5 | — | 2025-08-12 | Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
CVE-2025-26697 | Low | 3.3 | — | 2025-08-12 | Uncontrolled resource consumption in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable denial of service. |
CVE-2025-24520 | Low | 3.3 | — | 2025-08-12 | Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2025-24511 | Low | 3.3 | — | 2025-08-12 | Improper initialization in the Linux kernel-mode driver for some Intel(R) I350 Series Ethernet before version 5.19.2 may allow an authenticated user to potentially enable information disclosure via data exposure. |
CVE-2025-20613 | Low | 3.3 | — | 2025-08-12 | Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2025-8713 | Low | 3.1 | — | 2025-08-14 | PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. |
CVE-2025-27576 | Low | 2.9 | — | 2025-08-12 | Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable denial of service via local access. |
CVE-2025-24324 | Low | 2.8 | — | 2025-08-12 | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
CVE-2025-27707 | Low | 2.6 | — | 2025-08-12 | Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent… |
CVE-2025-22853 | Low | 2.3 | — | 2025-08-12 | Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
CVE-2025-21096 | Low | 1.9 | — | 2025-08-12 | Improper buffer restrictions in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |
Adobe · 31 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49557 | High | 8.7 | — | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject maliciou… |
CVE-2025-49555 | High | 8.1 | — | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. |
CVE-2025-54187 | High | 7.8 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49573 | High | 7.8 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49572 | High | 7.8 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49571 | High | 7.8 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49569 | High | 7.8 | — | 2025-08-12 | Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49560 | High | 7.8 | — | 2025-08-12 | Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2025-49556 | High | 7.5 | — | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. |
CVE-2025-49554 | High | 7.5 | — | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. |
CVE-2025-49558 | Medium | 5.9 | — | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. |
CVE-2025-54235 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54205 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Sampler versions 5.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54204 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54203 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54202 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54201 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54200 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54199 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54198 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54197 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54195 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54194 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54193 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54192 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54191 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54190 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54189 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54188 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-54186 | Medium | 5.5 | — | 2025-08-12 | Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
CVE-2025-49559 | Medium | 5.3 | — | 2025-08-12 | Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a se… |
Cisco · 29 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-20265 | Critical | 10.0 | — | 2025-08-14 | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. T… |
CVE-2025-20263 | High | 8.6 | — | 2025-08-14 | A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer ove… |
CVE-2025-20253 | High | 8.6 | — | 2025-08-14 | A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition… |
CVE-2025-20243 | High | 8.6 | — | 2025-08-14 | A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. … |
CVE-2025-20239 | High | 8.6 | — | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an una… |
CVE-2025-20222 | High | 8.6 | — | 2025-08-14 | A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attack… |
CVE-2025-20217 | High | 8.6 | — | 2025-08-14 | A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a… |
CVE-2025-20136 | High | 8.6 | — | 2025-08-14 | A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could… |
CVE-2025-20134 | High | 8.6 | — | 2025-08-14 | A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device t… |
CVE-2025-20133 | High | 8.6 | — | 2025-08-14 | A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly st… |
CVE-2025-20251 | High | 8.5 | — | 2025-08-14 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or de… |
CVE-2025-20148 | High | 8.5 | — | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulner… |
CVE-2025-20244 | High | 7.7 | — | 2025-08-14 | A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN… |
CVE-2025-20127 | High | 7.7 | — | 2025-08-14 | A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devic… |
CVE-2025-20301 | Medium | 6.5 | — | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to access troubleshoot files for a different domain. This vulnerability is due to missing a… |
CVE-2025-20235 | Medium | 6.1 | — | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface… |
CVE-2025-20238 | Medium | 6.0 | — | 2025-08-14 | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat… |
CVE-2025-20237 | Medium | 6.0 | — | 2025-08-14 | A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operat… |
CVE-2025-20220 | Medium | 6.0 | — | 2025-08-14 | A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying opera… |
CVE-2025-20268 | Medium | 5.8 | — | 2025-08-14 | A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections… |
CVE-2025-20254 | Medium | 5.8 | — | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to… |
CVE-2025-20252 | Medium | 5.8 | — | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to… |
CVE-2025-20225 | Medium | 5.8 | — | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an una… |
CVE-2025-20224 | Medium | 5.8 | — | 2025-08-14 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to… |
CVE-2025-20219 | Medium | 5.3 | — | 2025-08-14 | A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticate… |
CVE-2025-20306 | Medium | 4.9 | — | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlyi… |
CVE-2025-20218 | Medium | 4.9 | — | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability… |
CVE-2025-20302 | Medium | 4.3 | — | 2025-08-14 | A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missin… |
CVE-2025-20135 | Medium | 4.3 | — | 2025-08-14 | A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust avail… |
Siemens · 29 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40746 | Critical | 9.1 | — | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). |
CVE-2025-40758 | High | 8.7 | — | 2025-08-14 | A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). |
CVE-2025-40743 | High | 8.3 | — | 2025-08-12 | A vulnerability has been identified in SINUMERIK 828D PPU.4 (All versions < V4.95 SP5), SINUMERIK 828D PPU.5 (All versions < V5.25 SP1), SINUMERIK 840D sl (All versions < V4.95 SP5), SINUMERIK MC (All versions < V1.25 SP1), SINUMERIK MC V1… |
CVE-2024-54678 | High | 8.2 | — | 2025-08-12 | A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All version… |
CVE-2025-40767 | High | 7.8 | — | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). |
CVE-2025-40764 | High | 7.8 | — | 2025-08-12 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). |
CVE-2025-40762 | High | 7.8 | — | 2025-08-12 | A vulnerability has been identified in Simcenter Femap V2406 (All versions < V2406.0003), Simcenter Femap V2412 (All versions < V2412.0002). |
CVE-2025-40759 | High | 7.8 | — | 2025-08-12 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All ver… |
CVE-2025-30033 | High | 7.8 | — | 2025-08-12 | The affected setup component is vulnerable to DLL hijacking. |
CVE-2025-40761 | High | 7.6 | — | 2025-08-12 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX… |
CVE-2024-52504 | High | 7.5 | — | 2025-08-12 | A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V… |
CVE-2025-40770 | High | 7.4 | — | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). |
CVE-2025-40769 | High | 7.4 | — | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). |
CVE-2025-40768 | High | 7.3 | — | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). |
CVE-2024-41979 | High | 7.1 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2024-41986 | Medium | 6.4 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2025-40751 | Medium | 6.3 | — | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). |
CVE-2025-40753 | Medium | 6.2 | — | 2025-08-12 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (A… |
CVE-2025-40752 | Medium | 6.2 | — | 2025-08-12 | A vulnerability has been identified in POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) (All versions >= V2.60 < V2.62), POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) (A… |
CVE-2025-30034 | Medium | 6.2 | — | 2025-08-12 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.3). |
CVE-2025-40766 | Medium | 5.5 | — | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). |
CVE-2025-40584 | Medium | 5.5 | — | 2025-08-12 | A vulnerability has been identified in SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions < V5.7 SP1 HF1), SIMOTION S… |
CVE-2024-41982 | Medium | 4.8 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2025-33023 | Medium | 4.1 | — | 2025-08-12 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions), RUGGEDCOM ROX MX5000RE (All versions), RUGGEDCOM ROX RX1400 (All versions), RUGGEDCOM ROX RX1500 (All versions), RUGGEDCOM ROX RX1501 (All versions), RUGGEDCOM ROX… |
CVE-2024-41983 | Low | 3.5 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2024-41980 | Low | 3.1 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2024-41985 | Low | 2.6 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2024-41984 | Low | 2.6 | — | 2025-08-12 | A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). |
CVE-2025-40570 | Low | 2.4 | — | 2025-08-12 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versi… |
Itsourcecode · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9010 | High | 7.3 | — | 2025-08-15 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-9009 | High | 7.3 | — | 2025-08-15 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-9008 | High | 7.3 | — | 2025-08-15 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8993 | High | 7.3 | — | 2025-08-15 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8984 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8983 | High | 7.3 | — | 2025-08-14 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8982 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8981 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8972 | High | 7.3 | — | 2025-08-14 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8971 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8970 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8969 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8968 | High | 7.3 | — | 2025-08-14 | A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8967 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. |
CVE-2025-8966 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. |
Sap_se · 15 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-42957 | Critical | 9.9 | — | 2025-08-12 | SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. |
CVE-2025-42950 | Critical | 9.9 | — | 2025-08-12 | SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. |
CVE-2025-42951 | High | 8.8 | — | 2025-08-12 | Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API. As a result, it has a high impact on the confidentiality, integrity, an… |
CVE-2025-42976 | High | 8.1 | — | 2025-08-12 | SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. |
CVE-2025-42946 | Medium | 6.9 | — | 2025-08-12 | Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to se… |
CVE-2025-42975 | Medium | 6.1 | — | 2025-08-12 | SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. |
CVE-2025-42948 | Medium | 6.1 | — | 2025-08-12 | Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. |
CVE-2025-42945 | Medium | 6.1 | — | 2025-08-12 | SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. |
CVE-2025-42942 | Medium | 6.1 | — | 2025-08-12 | SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability. |
CVE-2025-42949 | Medium | 4.9 | — | 2025-08-12 | Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. |
CVE-2025-42943 | Medium | 4.5 | — | 2025-08-12 | SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths. |
CVE-2025-42934 | Medium | 4.3 | — | 2025-08-12 | SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. |
CVE-2025-42935 | Medium | 4.1 | — | 2025-08-12 | The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosur… |
CVE-2025-42955 | Low | 3.5 | — | 2025-08-12 | Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. |
CVE-2025-42941 | Low | 3.5 | — | 2025-08-12 | SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections for its link (<a>) elements. |
Fortinet · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-25256 | Critical | 9.8 | — | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and befor… |
CVE-2025-52970 | High | 8.1 | — | 2025-08-12 | An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining… |
CVE-2024-26009 | High | 8.1 | — | 2025-08-12 | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1… |
CVE-2025-53744 | High | 7.2 | — | 2025-08-12 | An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with hig… |
CVE-2025-49813 | High | 7.2 | — | 2025-08-12 | An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execu… |
CVE-2024-48892 | Medium | 6.8 | — | 2025-08-12 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack. |
CVE-2025-47857 | Medium | 6.7 | — | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary cod… |
CVE-2025-27759 | Medium | 6.7 | — | 2025-08-12 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an au… |
CVE-2023-45584 | Medium | 6.6 | — | 2025-08-12 | A double free vulnerability [CWE-415] in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 thro… |
CVE-2025-32932 | Medium | 6.5 | — | 2025-08-12 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all ver… |
CVE-2025-32766 | Medium | 6.4 | — | 2025-08-12 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands. |
CVE-2024-52964 | Medium | 5.5 | — | 2025-08-12 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud v… |
CVE-2025-25248 | Medium | 5.3 | — | 2025-08-12 | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and belo… |
CVE-2024-40588 | Medium | 4.4 | — | 2025-08-12 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0… |
Linksys · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8833 | High | 8.8 | — | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8832 | High | 8.8 | — | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8831 | High | 8.8 | — | 2025-08-11 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8826 | High | 8.8 | — | 2025-08-11 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8824 | High | 8.8 | — | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8822 | High | 8.8 | — | 2025-08-11 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8820 | High | 8.8 | — | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8830 | Medium | 6.3 | — | 2025-08-11 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8829 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8828 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8827 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8825 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8823 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
CVE-2025-8821 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. |
Mattermost · 13 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54525 | High | 7.5 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to create channel subscription endpoint with an invalid request body. |
CVE-2025-52931 | High | 7.5 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body. |
CVE-2025-54478 | High | 7.2 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. |
CVE-2025-44004 | High | 7.2 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel sub… |
CVE-2025-48731 | Medium | 6.4 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. |
CVE-2025-54463 | Medium | 5.9 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. |
CVE-2025-53514 | Medium | 5.9 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. |
CVE-2025-54458 | Medium | 5.0 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription e… |
CVE-2025-8285 | Medium | 4.0 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription end… |
CVE-2025-53910 | Medium | 4.0 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription end… |
CVE-2025-44001 | Medium | 4.0 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions… |
CVE-2025-53857 | Low | 3.7 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the GET autocomplete/GetChanne… |
CVE-2025-49221 | Low | 3.7 | — | 2025-08-11 | Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. |
Gitlab · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7739 | High | 8.7 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content i… |
CVE-2025-7734 | High | 8.7 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of… |
CVE-2025-6186 | High | 8.7 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names. |
CVE-2024-12303 | Medium | 6.7 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permission… |
CVE-2025-8770 | Medium | 6.5 | — | 2025-08-13 | An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval po… |
CVE-2025-2937 | Medium | 6.5 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending speciall… |
CVE-2025-2614 | Medium | 6.5 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specia… |
CVE-2025-1477 | Medium | 6.5 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending spec… |
CVE-2024-10219 | Medium | 6.5 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and down… |
CVE-2025-5819 | Medium | 5.0 | — | 2025-08-13 | An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected bra… |
CVE-2025-2498 | Low | 3.1 | — | 2025-08-13 | An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups… |
Code-projects · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8955 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in PHPGurukul Hospital Management System 4.0. |
CVE-2025-8954 | High | 7.3 | — | 2025-08-14 | A vulnerability was identified in PHPGurukul Hospital Management System 4.0. |
CVE-2025-9025 | Medium | 6.3 | — | 2025-08-15 | A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. |
CVE-2025-8931 | Medium | 6.3 | — | 2025-08-14 | A vulnerability was determined in code-projects Medical Store Management System 1.0. |
CVE-2025-8930 | Medium | 6.3 | — | 2025-08-14 | A vulnerability was found in code-projects Medical Store Management System 1.0. |
CVE-2025-8929 | Medium | 6.3 | — | 2025-08-13 | A vulnerability has been found in code-projects Medical Store Management System 1.0. |
CVE-2025-8928 | Medium | 6.3 | — | 2025-08-13 | A vulnerability was identified in code-projects Medical Store Management System 1.0. |
CVE-2025-8859 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was identified in code-projects eBlog Site 1.0. |
CVE-2025-8964 | Medium | 5.3 | — | 2025-08-14 | A vulnerability was identified in code-projects Hostel Management System 1.0. |
CVE-2025-8962 | Medium | 5.3 | — | 2025-08-14 | A vulnerability was found in code-projects Hostel Management System 1.0. |
Openatom · 10 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-27577 | High | 8.4 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. |
CVE-2025-27128 | High | 8.4 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. |
CVE-2025-25278 | High | 8.4 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. |
CVE-2025-24298 | High | 8.4 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. |
CVE-2025-27562 | Low | 3.3 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory. |
CVE-2025-27536 | Low | 3.3 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion. |
CVE-2025-26690 | Low | 3.3 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through NULL pointer dereference. |
CVE-2025-25212 | Low | 3.3 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. |
CVE-2025-24925 | Low | 3.3 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory. |
CVE-2025-24844 | Low | 3.3 | — | 2025-08-11 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through missing release of memory. |
Rockwell Automation · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7972 | Critical | 9.1 | — | 2025-08-14 | A security issue exists within the FactoryTalk Linx Network Browser. |
CVE-2025-9042 | — | — | — | 2025-08-14 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. |
CVE-2025-9041 | — | — | — | 2025-08-14 | A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. |
CVE-2025-7971 | — | — | — | 2025-08-14 | A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. |
CVE-2025-9036 | — | — | — | 2025-08-14 | A security issue in the runtime event system allows unauthenticated connections to receive a reusable API token. |
CVE-2025-7973 | — | — | — | 2025-08-14 | A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. |
CVE-2025-7774 | — | — | — | 2025-08-14 | A security issue exists within the 5032 16pt Digital Configurable module’s web server. |
CVE-2025-7773 | — | — | — | 2025-08-14 | A security issue exists within the 5032 16pt Digital Configurable module’s web server. |
CVE-2025-7353 | — | — | — | 2025-08-14 | A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. |
Tenda · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9046 | High | 8.8 | — | 2025-08-15 | A vulnerability was identified in Tenda AC20 16.03.08.12. |
CVE-2025-9023 | High | 8.8 | — | 2025-08-15 | A vulnerability has been found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. |
CVE-2025-9007 | High | 8.8 | — | 2025-08-15 | A vulnerability has been found in Tenda CH22 1.0.0.1. |
CVE-2025-9006 | High | 8.8 | — | 2025-08-15 | A vulnerability was identified in Tenda CH22 1.0.0.1. |
CVE-2025-8958 | High | 8.8 | — | 2025-08-14 | A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. |
CVE-2025-8940 | High | 8.8 | — | 2025-08-14 | A vulnerability was identified in Tenda AC20 up to 16.03.08.12. |
CVE-2025-8939 | High | 8.8 | — | 2025-08-14 | A vulnerability was determined in Tenda AC20 up to 16.03.08.12. |
CVE-2025-8980 | Medium | 6.6 | — | 2025-08-14 | A vulnerability has been found in Tenda G1 16.01.7.8(3660). |
CVE-2025-8979 | Medium | 6.6 | — | 2025-08-14 | A vulnerability was identified in Tenda AC15 15.13.07.13. |
Apache · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54466 | Critical | 9.8 | — | 2025-08-15 | Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. |
CVE-2025-54472 | High | 7.5 | — | 2025-08-14 | Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. |
CVE-2025-48989 | High | 7.5 | — | 2025-08-13 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. |
CVE-2025-55675 | Medium | 6.5 | — | 2025-08-14 | Apache Superset contains an improper access control vulnerability in its /explore endpoint. |
CVE-2025-55674 | Medium | 6.5 | — | 2025-08-14 | A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. |
CVE-2025-55668 | Medium | 6.5 | — | 2025-08-13 | Session Fixation vulnerability in Apache Tomcat via rewrite valve. |
CVE-2025-55672 | Medium | 5.4 | — | 2025-08-14 | A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. |
CVE-2025-55673 | Medium | 4.3 | — | 2025-08-14 | When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. |
Projectworlds · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9053 | High | 7.3 | — | 2025-08-15 | A vulnerability has been found in projectworlds Travel Management System 1.0. |
CVE-2025-9052 | High | 7.3 | — | 2025-08-15 | A vulnerability was identified in projectworlds Travel Management System 1.0. |
CVE-2025-9051 | High | 7.3 | — | 2025-08-15 | A vulnerability was determined in projectworlds Travel Management System 1.0. |
CVE-2025-9050 | High | 7.3 | — | 2025-08-15 | A vulnerability was found in projectworlds Travel Management System 1.0. |
CVE-2025-9047 | High | 7.3 | — | 2025-08-15 | A vulnerability has been found in projectworlds Visitor Management System 1.0. |
CVE-2025-8948 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in projectworlds Visitor Management System 1.0. |
CVE-2025-8947 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in projectworlds Visitor Management System 1.0. |
CVE-2025-8946 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. |
Dell · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-21110 | Medium | 6.7 | — | 2025-08-14 | Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. |
CVE-2025-38738 | Medium | 6.7 | — | 2025-08-14 | SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. |
CVE-2025-36612 | Medium | 6.7 | — | 2025-08-14 | SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. |
CVE-2025-26484 | Medium | 5.5 | — | 2025-08-14 | Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. |
CVE-2025-38745 | Medium | 4.8 | — | 2025-08-14 | Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. |
CVE-2025-36581 | Low | 3.8 | — | 2025-08-14 | Dell PowerEdge Platform version(s) 14G AMD BIOS v1.25.0 and prior, contain(s) an Access of Memory Location After End of Buffer vulnerability. |
CVE-2025-36613 | Low | 2.8 | — | 2025-08-14 | SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. |
Ivanti · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5462 | High | 7.5 | — | 2025-08-12 | A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025… |
CVE-2025-5456 | High | 7.5 | — | 2025-08-12 | A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2… |
CVE-2025-8297 | High | 7.2 | — | 2025-08-12 | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
CVE-2025-8296 | High | 7.2 | — | 2025-08-12 | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. |
CVE-2025-8310 | Medium | 6.5 | — | 2025-08-12 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password |
CVE-2025-5468 | Medium | 5.5 | — | 2025-08-12 | Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed… |
CVE-2025-5466 | Medium | 4.9 | — | 2025-08-12 | XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authent… |
Sourcecodester · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8989 | High | 7.3 | — | 2025-08-15 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. |
CVE-2025-8988 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in SourceCodester COVID 19 Testing Management System 1.0. |
CVE-2025-8987 | High | 7.3 | — | 2025-08-14 | A vulnerability was identified in SourceCodester COVID 19 Testing Management System 1.0. |
CVE-2025-8986 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. |
CVE-2025-8985 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. |
CVE-2025-8953 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. |
CVE-2025-8926 | High | 7.3 | — | 2025-08-13 | A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. |
Anisha · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9028 | High | 7.3 | — | 2025-08-15 | A flaw has been found in code-projects Online Medicine Guide 1.0. |
CVE-2025-9027 | High | 7.3 | — | 2025-08-15 | A vulnerability has been found in code-projects Online Medicine Guide 1.0. |
CVE-2025-8990 | High | 7.3 | — | 2025-08-15 | A vulnerability was determined in code-projects Online Medicine Guide 1.0. |
CVE-2025-8923 | High | 7.3 | — | 2025-08-13 | A vulnerability was determined in code-projects Job Diary 1.0. |
CVE-2025-8922 | High | 7.3 | — | 2025-08-13 | A vulnerability was found in code-projects Job Diary 1.0. |
CVE-2025-8921 | High | 7.3 | — | 2025-08-13 | A vulnerability has been found in code-projects Job Diary 1.0. |
Bplugins · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8059 | Critical | 9.8 | — | 2025-08-12 | The B Blocks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization and improper input validation within the rgfr_registration() function in all versions up to, and including, 2.0.6. |
CVE-2025-8418 | High | 8.8 | — | 2025-08-12 | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. |
CVE-2025-54708 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Blocks b-blocks allows DOM-Based XSS. This issue affects B Blocks: from n/a through <= 2.0.5. |
CVE-2025-8680 | Medium | 4.3 | — | 2025-08-15 | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fs_api_request function. |
CVE-2025-8676 | Medium | 4.3 | — | 2025-08-15 | The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in versions less than, or equal to, 2.0.0 via the get_active_plugins function. |
CVE-2025-54694 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through <= 1.2.0. |
Hcl Software · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52621 | Medium | 5.3 | — | 2025-08-15 | HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. |
CVE-2025-52619 | Medium | 5.3 | — | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. |
CVE-2025-31987 | Medium | 4.8 | — | 2025-08-14 | HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. |
CVE-2025-52620 | Medium | 4.3 | — | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. |
CVE-2025-52618 | Medium | 4.3 | — | 2025-08-15 | HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. |
CVE-2025-31961 | Low | 3.7 | — | 2025-08-15 | HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. |
Nvidia · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-23306 | High | 7.8 | — | 2025-08-13 | NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/arguments.py component where an attacker could cause a code injection issue by providing a malicious input. |
CVE-2025-23305 | High | 7.8 | — | 2025-08-13 | NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. |
CVE-2025-23298 | High | 7.8 | — | 2025-08-13 | NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. |
CVE-2025-23296 | High | 7.8 | — | 2025-08-13 | NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. |
CVE-2025-23295 | High | 7.8 | — | 2025-08-13 | NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. |
CVE-2025-23294 | High | 7.8 | — | 2025-08-13 | NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. |
Phpgurukul · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9024 | High | 7.3 | — | 2025-08-15 | A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. |
CVE-2025-9013 | High | 7.3 | — | 2025-08-15 | A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. |
CVE-2025-9012 | High | 7.3 | — | 2025-08-15 | A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. |
CVE-2025-9011 | High | 7.3 | — | 2025-08-15 | A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. |
CVE-2025-8951 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. |
CVE-2025-9017 | Medium | 4.3 | — | 2025-08-15 | A vulnerability has been found in PHPGurukul Zoo Management System 2.1. |
Wellchoose · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8913 | Critical | 9.8 | — | 2025-08-13 | Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. |
CVE-2025-8912 | High | 7.5 | — | 2025-08-13 | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. |
CVE-2025-8914 | Medium | 6.5 | — | 2025-08-13 | Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. |
CVE-2025-8909 | Medium | 6.5 | — | 2025-08-13 | Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files. |
CVE-2025-8911 | Medium | 6.1 | — | 2025-08-13 | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. |
CVE-2025-8910 | Medium | 6.1 | — | 2025-08-13 | Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. |
1000 Projects · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8936 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in 1000 Projects Sales Management System 1.0. |
CVE-2025-8935 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in 1000 Projects Sales Management System 1.0. |
CVE-2025-8932 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in 1000 Projects Sales Management System 1.0. |
CVE-2025-8934 | Medium | 4.3 | — | 2025-08-14 | A vulnerability has been found in 1000 Projects Sales Management System 1.0. |
CVE-2025-8933 | Medium | 4.3 | — | 2025-08-14 | A vulnerability was identified in 1000 Projects Sales Management System 1.0. |
Campcodes · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8960 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. |
CVE-2025-8957 | High | 7.3 | — | 2025-08-14 | A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. |
CVE-2025-8952 | High | 7.3 | — | 2025-08-14 | A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. |
CVE-2025-8950 | High | 7.3 | — | 2025-08-14 | A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. |
CVE-2025-8924 | High | 7.3 | — | 2025-08-13 | A vulnerability was identified in Campcodes Online Water Billing System 1.0. |
D-link · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9026 | High | 7.3 | — | 2025-08-15 | A vulnerability was identified in D-Link DIR-860L 2.04.B04. |
CVE-2025-8949 | High | 7.2 | — | 2025-08-14 | A vulnerability was identified in D-Link DIR-825 2.10. |
CVE-2025-8978 | Medium | 6.6 | — | 2025-08-14 | A vulnerability was determined in D-Link DIR-619L 6.02CN02. |
CVE-2025-8956 | Medium | 6.3 | — | 2025-08-14 | A vulnerability was found in D-Link DIR-818L up to 1.05B01. |
CVE-2025-9003 | Low | 3.5 | — | 2025-08-15 | A vulnerability has been found in D-Link DIR-818LW 1.04. |
F5 · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52585 | High | 7.5 | — | 2025-08-13 | When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. |
CVE-2025-46405 | High | 7.5 | — | 2025-08-13 | When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. |
CVE-2025-54809 | High | 7.4 | — | 2025-08-13 | F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. |
CVE-2025-54500 | Medium | 5.3 | — | 2025-08-13 | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of T… |
CVE-2025-53859 | Low | 3.7 | — | 2025-08-13 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sen… |
Hortusfox · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-45317 | Medium | 6.5 | — | 2025-08-13 | A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive. |
CVE-2025-45313 | Medium | 6.1 | — | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter. |
CVE-2025-45316 | Medium | 6.1 | — | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the TextBlockModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter. |
CVE-2025-45314 | Medium | 6.1 | — | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function. |
CVE-2025-45315 | Medium | 5.4 | — | 2025-08-13 | A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parame… |
Labredescefetrj · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55168 | Critical | 9.8 | — | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
CVE-2025-55167 | Critical | 9.8 | — | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
CVE-2025-55171 | High | 7.5 | — | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
CVE-2025-55170 | Medium | 6.5 | — | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
CVE-2025-55169 | Medium | 6.5 | — | 2025-08-12 | WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. |
Nasm · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8846 | Medium | 5.3 | — | 2025-08-11 | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. |
CVE-2025-8845 | Medium | 5.3 | — | 2025-08-11 | A vulnerability was identified in NASM Netwide Assembler 2.17rc0. |
CVE-2025-8843 | Medium | 5.3 | — | 2025-08-11 | A vulnerability was found in NASM Netwide Assembler 2.17rc0. |
CVE-2025-8842 | Medium | 5.3 | — | 2025-08-11 | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. |
CVE-2025-8844 | Low | 3.3 | — | 2025-08-11 | A vulnerability was determined in NASM Netwide Assembler 2.17rc0. |
Palo Alto Networks · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-2184 | — | — | — | 2025-08-13 | A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. |
CVE-2025-2183 | — | — | — | 2025-08-13 | An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. |
CVE-2025-2182 | — | — | — | 2025-08-13 | A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). |
CVE-2025-2181 | — | — | — | 2025-08-13 | A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. |
CVE-2025-2180 | — | — | — | 2025-08-13 | An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non administrative user by scanning a malicious terraform file when using Checkov in Prisma®… |
Unknown · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8047 | Critical | 9.8 | — | 2025-08-14 | The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparently abandoned S3 bucket. |
CVE-2025-6715 | Critical | 9.8 | — | 2025-08-13 | The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. |
CVE-2025-3414 | Medium | 5.4 | — | 2025-08-14 | The Structured Content (JSON-LD) #wpsc WordPress plugin before 1.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor r… |
CVE-2025-6790 | Medium | 4.3 | — | 2025-08-14 | The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
CVE-2025-7965 | Medium | 4.3 | — | 2025-08-11 | The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
Yugabytedb Inc · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8866 | — | — | — | 2025-08-11 | YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. |
CVE-2025-8865 | — | — | — | 2025-08-11 | The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. |
CVE-2025-8864 | — | — | — | 2025-08-11 | Shared Access Signature token is not masked in the backup configuration response and is also exposed in the yb_backup logs |
CVE-2025-8863 | — | — | — | 2025-08-11 | YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission |
CVE-2025-8862 | — | — | — | 2025-08-11 | YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. |
Abb · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53187 | Critical | 9.8 | — | 2025-08-11 | Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. |
CVE-2025-7679 | High | 8.1 | — | 2025-08-11 | The ASPECT system allows users to bypass authentication. |
CVE-2025-8754 | High | 7.5 | — | 2025-08-13 | Missing Authentication for Critical Function vulnerability in ABB ABB Ability™ zenon. This issue affects ABB Ability™ zenon: from 7.50 through 14. |
CVE-2025-7677 | Medium | 5.9 | — | 2025-08-11 | A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. |
Crocoblock · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55714 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS. This issue affects JetElements For Elementor: from n/a through <= 2.7… |
CVE-2025-54749 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery jet-woo-product-gallery allows Stored XSS. This issue affects JetProductGallery: from n/a through <= 2.2.0.2. |
CVE-2025-54688 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Stored XSS. This issue affects JetEngine: from n/a through <= 3.7.1.2. |
CVE-2025-54687 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs jet-tabs allows DOM-Based XSS. This issue affects JetTabs: from n/a through <= 2.2.9.1. |
Imagemagick · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55154 | High | 8.8 | — | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2025-55004 | High | 7.6 | — | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2025-55160 | Medium | 6.1 | — | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
CVE-2025-55005 | Medium | 5.5 | — | 2025-08-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. |
Mtons · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8992 | Medium | 4.3 | — | 2025-08-15 | A vulnerability has been found in mtons mblog up to 3.5.0. |
CVE-2025-9005 | Low | 3.7 | — | 2025-08-15 | A vulnerability was determined in mtons mblog up to 3.5.0. |
CVE-2025-9004 | Low | 3.7 | — | 2025-08-15 | A vulnerability was found in mtons mblog up to 3.5.0. |
CVE-2025-8927 | Low | 3.7 | — | 2025-08-13 | A vulnerability was determined in mtons mblog up to 3.5.0. |
Netskope · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5942 | — | — | — | 2025-08-14 | Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. |
CVE-2025-5941 | — | — | — | 2025-08-14 | Netskope was notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. |
CVE-2025-0309 | — | — | — | 2025-08-14 | An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. |
CVE-2024-7402 | — | — | — | 2025-08-14 | Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper with the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communicati… |
Zkteco Co · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55280 | — | — | — | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. |
CVE-2025-55279 | — | — | — | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. |
CVE-2025-54465 | — | — | — | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. |
CVE-2025-54464 | — | — | — | 2025-08-13 | This vulnerability exists in ZKTeco WL20 due to storage of admin and user credentials without encryption in the device firmware. |
Apple · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8672 | High | 7.8 | — | 2025-08-11 | The macOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. |
CVE-2025-48500 | High | 7.3 | — | 2025-08-13 | A missing file integrity check vulnerability exists in the macOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Softw… |
CVE-2025-43201 | Medium | 6.2 | — | 2025-08-15 | This issue was addressed with improved checks. |
Autodesk · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5048 | High | 7.8 | — | 2025-08-15 | A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. |
CVE-2025-5047 | High | 7.8 | — | 2025-08-15 | A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. |
CVE-2025-5046 | High | 7.8 | — | 2025-08-15 | A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. |
Axis · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3892 | Medium | 6.7 | — | 2025-08-12 | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. |
CVE-2025-30027 | Medium | 6.7 | — | 2025-08-12 | An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. |
CVE-2025-7622 | Medium | 5.7 | — | 2025-08-12 | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered. |
Bosch Rexroth Ag · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48860 | High | 8.0 | — | 2025-08-14 | A vulnerability in the web application of the ctrlX OS setup mechanism allowed an authenticated (low-privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. |
CVE-2025-48862 | High | 7.1 | — | 2025-08-14 | Ambiguous wording in the web interface of the ctrlX OS setup mechanism could lead the user to believe that the backup file is encrypted when a password is set. |
CVE-2025-48861 | Medium | 5.3 | — | 2025-08-14 | A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps. |
Broadcom · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8660 | Critical | 9.8 | — | 2025-08-11 | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. |
CVE-2025-8661 | Medium | 6.1 | — | 2025-08-11 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. |
CVE-2025-9019 | Low | 3.1 | — | 2025-08-15 | A vulnerability has been found in tcpreplay 4.5.1. |
Cherry-ai · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54074 | Critical | 9.8 | — | 2025-08-13 | Cherry Studio is a desktop client that supports multiple LLM providers. |
CVE-2025-54382 | Critical | 9.6 | — | 2025-08-13 | Cherry Studio is a desktop client that supports multiple LLM providers. |
CVE-2025-54063 | High | 8.0 | — | 2025-08-11 | Cherry Studio is a desktop client that supports multiple LLM providers. |
Crm Perks · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54684 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact cf7-constant-contact allows Stored XSS. This issue affects Integration for C… |
CVE-2025-54682 | Medium | 5.4 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: fr… |
CVE-2025-54681 | Medium | 4.7 | — | 2025-08-14 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: fr… |
Ibm · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-36124 | Medium | 5.9 | — | 2025-08-12 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. |
CVE-2025-36088 | Medium | 5.4 | — | 2025-08-15 | IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. |
CVE-2025-36000 | Medium | 4.4 | — | 2025-08-12 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. |
Instar · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8760 | Critical | 9.8 | — | 2025-08-13 | A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. |
CVE-2025-8761 | High | 7.5 | — | 2025-08-13 | A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. |
CVE-2025-8762 | Medium | 6.8 | — | 2025-08-13 | A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. |
Insyde Software · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4410 | High | 7.5 | — | 2025-08-13 | A buffer overflow vulnerability exists in the module SetupUtility. |
CVE-2025-4277 | High | 7.5 | — | 2025-08-13 | Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. |
CVE-2025-4276 | High | 7.5 | — | 2025-08-13 | UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. |
Jasper_project · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8837 | Medium | 5.3 | — | 2025-08-11 | A vulnerability was identified in JasPer up to 4.2.5. |
CVE-2025-8836 | Low | 3.3 | — | 2025-08-11 | A vulnerability was determined in JasPer up to 4.2.5. |
CVE-2025-8835 | Low | 3.3 | — | 2025-08-11 | A vulnerability was found in JasPer up to 4.2.5. |
Liferay · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-43735 | Medium | 6.1 | — | 2025-08-12 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7… |
CVE-2025-43734 | Medium | 5.4 | — | 2025-08-12 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024… |
CVE-2025-43736 | Medium | 4.3 | — | 2025-08-12 | A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13… |
Linlinjava · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8965 | Medium | 6.3 | — | 2025-08-14 | A vulnerability has been found in linlinjava litemall up to 1.8.0. |
CVE-2025-8991 | Medium | 4.3 | — | 2025-08-15 | A vulnerability was identified in linlinjava litemall up to 1.8.0. |
CVE-2025-8974 | Low | 3.7 | — | 2025-08-14 | A vulnerability was determined in linlinjava litemall up to 1.8.0. |
Omnissa · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-25235 | High | 8.6 | — | 2025-08-11 | Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. |
CVE-2025-25231 | High | 7.5 | — | 2025-08-11 | Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints. |
CVE-2025-25229 | Medium | 5.4 | — | 2025-08-11 | Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal networ… |
Oretnom23 · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9022 | High | 7.3 | — | 2025-08-15 | A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. |
CVE-2025-9021 | High | 7.3 | — | 2025-08-15 | A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. |
CVE-2025-8973 | High | 7.3 | — | 2025-08-14 | A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. |
Portabilis · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8920 | Low | 2.4 | — | 2025-08-13 | A vulnerability was identified in Portabilis i-Diario 1.6. |
CVE-2025-8919 | Low | 2.4 | — | 2025-08-13 | A vulnerability was determined in Portabilis i-Diario up to 1.6. |
CVE-2025-8918 | Low | 2.4 | — | 2025-08-13 | A vulnerability was found in Portabilis i-Educar up to 2.10. |
Stirlingpdf · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55161 | High | 8.6 | — | 2025-08-11 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. |
CVE-2025-55151 | High | 8.6 | — | 2025-08-11 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. |
CVE-2025-55150 | High | 8.6 | — | 2025-08-11 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. |
Advanced_intrusion_detection_environment_project · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54409 | Medium | 6.2 | — | 2025-08-14 | AIDE is an advanced intrusion detection environment. |
CVE-2025-54389 | Medium | 6.2 | — | 2025-08-14 | AIDE is an advanced intrusion detection environment. |
Amazon · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8904 | High | 8.5 | — | 2025-08-13 | Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. |
CVE-2025-9039 | Medium | 4.3 | — | 2025-08-14 | We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incomi… |
Ami · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-22830 | Medium | 6.7 | — | 2025-08-12 | APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. |
CVE-2025-22834 | Medium | 4.2 | — | 2025-08-12 | AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local access. |
Beeteam368 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-25174 | Critical | 10.0 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion. This issue affects BeeTeam368 E… |
CVE-2025-25172 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through <= 1.9.4. |
Creativemindssolutions · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54727 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Stored XSS. This issue affects CM On Demand… |
CVE-2025-54728 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace cm-on-demand-search-and-replace allows Cross Site Request Forgery. This issue affects CM On Demand Search And Replace: from n/a throug… |
Debian · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-38500 | High | 7.8 | — | 2025-08-12 | In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_change… |
CVE-2025-38499 | Medium | 5.5 | — | 2025-08-11 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount w… |
Drupal · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8362 | Medium | 6.1 | — | 2025-08-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS). This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. |
CVE-2025-8996 | Medium | 4.3 | — | 2025-08-15 | Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0. |
Fahadmahmood · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8046 | Medium | 6.1 | — | 2025-08-14 | The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. |
CVE-2025-7808 | Medium | 6.1 | — | 2025-08-14 | The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
Firebirdsql · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-24975 | High | 7.1 | — | 2025-08-15 | Firebird is a relational database. |
CVE-2025-54989 | Medium | 5.3 | — | 2025-08-15 | Firebird is a relational database. |
Givanz · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8976 | Low | 3.5 | — | 2025-08-14 | A vulnerability has been found in givanz Vvveb up to 1.0.5. |
CVE-2025-8975 | Low | 3.5 | — | 2025-08-14 | A vulnerability was identified in givanz Vvveb up to 1.0.5. |
Goodlayers · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53342 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Modernize modernize allows Stored XSS. This issue affects Modernize: from n/a through <= 3.4.0. |
CVE-2025-53343 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in GoodLayers Modernize modernize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modernize: from n/a through <= 3.4.0. |
Hashthemes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54704 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through <=… |
CVE-2025-54712 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in hashthemes Easy Elementor Addons easy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Elementor Addons: from n/a through <= 2.2.7. |
Helm · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55199 | Medium | 6.5 | — | 2025-08-14 | Helm is a package manager for Charts for Kubernetes. |
CVE-2025-55198 | Medium | 6.5 | — | 2025-08-14 | Helm is a package manager for Charts for Kubernetes. |
Intel · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-33607 | Medium | 5.6 | — | 2025-08-12 | Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. |
CVE-2025-20090 | Medium | 5.5 | — | 2025-08-12 | Untrusted Pointer Dereference for some Intel(R) QuickAssist Technology software before version 2.5.0 may allow an authenticated user to potentially enable denial of service via local access. |
Jishenghua · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8839 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was found in jshERP up to 3.5. |
CVE-2025-8840 | Medium | 5.4 | — | 2025-08-11 | A vulnerability was determined in jshERP up to 3.5. |
Kanboard · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55010 | Critical | 9.1 | — | 2025-08-12 | Kanboard is project management software that focuses on the Kanban methodology. |
CVE-2025-55011 | Medium | 6.4 | — | 2025-08-12 | Kanboard is project management software that focuses on the Kanban methodology. |
Legion Of The Bouncy Castle Inc. · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8916 | — | — | — | 2025-08-13 | Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. |
CVE-2025-8885 | — | — | — | 2025-08-12 | Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. |
Libcsp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-51824 | Medium | 6.5 | — | 2025-08-11 | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. |
CVE-2025-51823 | Medium | 6.5 | — | 2025-08-11 | libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() function due to improper handling of the ifname parameter. |
Libtiff · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8851 | Medium | 5.3 | — | 2025-08-11 | A vulnerability was determined in LibTIFF up to 4.5.1. |
CVE-2025-8961 | Low | 3.3 | — | 2025-08-14 | A weakness has been identified in LibTIFF 4.7.0. |
Lisensee · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52765 | High | 7.1 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Stored XSS. This issue affects NetInsight Analytics Implementation Plugin: from n/a thr… |
CVE-2025-52767 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in lisensee NetInsight Analytics Implementation Plugin netinsight-analytics-implementation-plugin allows Cross Site Request Forgery. This issue affects NetInsight Analytics Implementation Plug… |
Mechrevo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9016 | High | 7.0 | — | 2025-08-15 | A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. |
CVE-2025-9000 | High | 7.0 | — | 2025-08-15 | A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. |
N-able · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8876 | High | 8.8 | KEV | 2025-08-14 | Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1. |
CVE-2025-8875 | High | 7.8 | KEV | 2025-08-14 | Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1. |
Nixos · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54864 | High | 7.5 | — | 2025-08-12 | Hydra is a continuous integration service for Nix based projects. |
CVE-2025-54800 | Medium | 6.1 | — | 2025-08-12 | Hydra is a continuous integration service for Nix based projects. |
Posimyth · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55712 | Medium | 6.5 | — | 2025-08-14 | Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite the-plus-addons-for-elementor-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus… |
CVE-2025-54739 | Medium | 5.3 | — | 2025-08-14 | Missing Authorization vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexter Blocks: from n/a through <= 4.5.4. |
Realmag777 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54707 | Critical | 9.3 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection. This issue affects MDTF: from n/a through <= 1.3.3.7. |
CVE-2025-52732 | High | 8.8 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion. This issue affects GMap Targeting: from n/a t… |
Red Hat · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8941 | High | 7.8 | — | 2025-08-13 | A flaw was found in linux-pam. |
CVE-2023-5342 | Medium | 4.1 | — | 2025-08-14 | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. |
Saad Iqbal · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54668 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saad Iqbal myCred mycred allows Stored XSS. This issue affects myCred: from n/a through <= 2.9.4.3. |
CVE-2025-54667 | Medium | 5.3 | — | 2025-08-14 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Saad Iqbal myCred mycred allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This issue affects myCred: from n/a through <= 2.9.4.3. |
Themeatelier · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-30635 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro idonate-pro allows PHP Local File Inclusion. This issue affects IDonatePro: from n/a through <=… |
CVE-2025-30639 | High | 7.5 | — | 2025-08-14 | Missing Authorization vulnerability in ThemeAtelier IDonatePro idonate-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects IDonatePro: from n/a through <= 2.1.9. |
Themefunction · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52731 | High | 7.5 | — | 2025-08-14 | Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager… |
CVE-2025-52730 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Stored XSS. This issue affects WordPress Event… |
Thememove · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54701 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through <= 2.6.3. |
CVE-2025-54700 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through <= 1.8… |
Totolink · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8938 | Medium | 6.3 | — | 2025-08-14 | A vulnerability was found in TOTOLINK N350R 1.2.3-B20130826. |
CVE-2025-8937 | Medium | 6.3 | — | 2025-08-14 | A vulnerability has been found in TOTOLINK N350R 1.2.3-B20130826. |
Unattributed · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55346 | Critical | 9.8 | — | 2025-08-14 | User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. |
CVE-2025-55345 | High | 8.8 | — | 2025-08-13 | Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working direc… |
Vim · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55158 | High | 8.8 | — | 2025-08-11 | Vim is an open source, command line text editor. |
CVE-2025-55157 | High | 8.8 | — | 2025-08-11 | Vim is an open source, command line text editor. |
Zoom · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49457 | Critical | 9.6 | — | 2025-08-12 | Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. |
CVE-2025-49456 | Medium | 6.2 | — | 2025-08-12 | Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. |
Zoomit · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-29014 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. |
CVE-2025-28999 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. |
10up · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8482 | Medium | 4.3 | — | 2025-08-12 | The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data in version 2.8.4. |
2100 Technology · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8853 | Critical | 9.8 | — | 2025-08-11 | Official Document Management System developed by 2100 Technology has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to obtain any user's connection token and use it to log into the system as that user. |
48hmorris · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7641 | High | 7.5 | — | 2025-08-15 | The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and includin… |
51mis · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8908 | Medium | 6.3 | — | 2025-08-13 | A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. |
5kcrm · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8852 | Medium | 4.3 | — | 2025-08-11 | A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. |
Aa Web Servant · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54054 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Stored XSS. This issue affects 12 Step Meeting List: from n/a through <= 3… |
Acato · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52716 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through <… |
Addix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8690 | Medium | 6.4 | — | 2025-08-12 | The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. |
Ai_seo_link_advisor_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8675 | High | 8.8 | — | 2025-08-15 | Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6. |
Akcess-net · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7761 | — | — | — | 2025-08-14 | Lepszy BIP is vulnerable to Reflected Cross-Site Scripting (XSS). |
Alobaidi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8080 | Medium | 4.4 | — | 2025-08-15 | The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. |
Alvind · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31007 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 billplz-for-contact-form-7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form… |
Angeljudesuarez · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8925 | High | 7.3 | — | 2025-08-13 | A vulnerability has been found in itsourcecode Sports Management System 1.0. |
Anwppro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8767 | Medium | 4.8 | — | 2025-08-12 | The AnWP Football Leagues plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 0.16.17 via the 'download_csv_players' and 'download_csv_games' functions. |
Apustheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53587 | High | 8.8 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo findgo allows Cross Site Request Forgery. This issue affects Findgo: from n/a through <= 1.3.57. |
Arraytics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49869 | High | 8.8 | — | 2025-08-14 | Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.0.31. |
Artiosmedia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53581 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artiosmedia RSS Feed Pro rss-feed-pro allows Stored XSS. This issue affects RSS Feed Pro: from n/a through <= 1.1.8. |
Artkrylov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7778 | Critical | 9.8 | — | 2025-08-15 | The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. |
Ashanjay · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8091 | Medium | 4.3 | — | 2025-08-15 | The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. |
Ashish · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-50029 | Medium | 6.5 | — | 2025-08-14 | Missing Authorization vulnerability in Ashish AI Tools artificial-intelligence-auto-content-generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Tools: from n/a through <= 4.0.7. |
Astoundify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54683 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify WP Modal Popup with Cookie Integration wp-modal-popup-with-cookie-integration allows Reflected XSS. This issue affects WP Modal… |
Authenticator_login_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8995 | Critical | 9.8 | — | 2025-08-15 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.4. |
Auxilium · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10038 | — | — | — | 2025-08-11 | Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. |
Ays Pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54673 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Chartify chart-builder allows Cross Site Request Forgery. This issue affects Chartify: from n/a through <= 3.5.3. |
Backstage · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55285 | Low | 2.6 | — | 2025-08-15 | @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. |
Bbioon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5391 | High | 8.1 | — | 2025-08-12 | The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. |
Bcupham · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52771 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bcupham Video Expander video-expander allows Stored XSS. This issue affects Video Expander: from n/a through <= 1.0. |
Bestiadurmiente · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49065 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestiaDurmiente Visit Counter visit-counter allows Stored XSS. This issue affects Visit Counter: from n/a through <= 1.0. |
Biscia7 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49051 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biscia7 Hide Text Shortcode hide-text-shortcode allows Stored XSS. This issue affects Hide Text Shortcode: from n/a through <= 1.1. |
Bitpressadmin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6679 | Critical | 9.8 | — | 2025-08-15 | The Bit Form builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.20.4. |
Bobbingwide · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54671 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in bobbingwide oik oik allows Cross Site Request Forgery. This issue affects oik: from n/a through <= 4.15.2. |
Boldgrid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52712 | Medium | 4.2 | — | 2025-08-14 | Path Traversal: '.../...//' vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Path Traversal. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.8. |
Brainstorm Force · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54685 | Medium | 6.5 | — | 2025-08-14 | Insertion of Sensitive Information Into Sent Data vulnerability in Brainstorm Force SureDash suredash allows Retrieve Embedded Sensitive Data. This issue affects SureDash: from n/a through <= 1.1.0. |
Brother Industries, Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8452 | Medium | 4.3 | — | 2025-08-12 | By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. |
Bulletphysics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8854 | Critical | 9.8 | — | 2025-08-11 | Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or inv… |
Bunkerity · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8066 | — | — | — | 2025-08-15 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Bunkerity Bunker Web on Linux allows Phishing. This issue affects Bunker Web: 1.6.2. |
Cartpauj · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54746 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj Shortcode Redirect shortcode-redirect allows Stored XSS. This issue affects Shortcode Redirect: from n/a through <= 1.0.02. |
Checkpoint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3831 | High | 8.1 | — | 2025-08-12 | Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. |
Cleverreach® · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49059 | Critical | 9.3 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection. This issue affects CleverReach® WP: from n/a through <= 1.5.20. |
Cloud Infrastructure Services · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49264 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inc… |
Codeablepress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53221 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in codeablepress CodeablePress codeablepress-simple-frontend-profile-picture-upload allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CodeablePress: from n/a thro… |
Codefuse · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-45146 | Critical | 9.8 | — | 2025-08-11 | ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/data_manager.py. |
Comsndftp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10055 | — | — | — | 2025-08-13 | ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. |
Config_pages_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8361 | High | 7.6 | — | 2025-08-15 | Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing. This issue affects Config Pages: from 0.0.0 before 2.18.0. |
Cookies_consent_management_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8092 | High | 7.6 | — | 2025-08-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2… |
Cornfeed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49062 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cornfeed WP-jScrollPane wp-jscrollpane allows Reflected XSS. This issue affects WP-jScrollPane: from n/a through <= 2.0.3. |
Creativethemeshq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55713 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativethemeshq Blocksy blocksy allows Stored XSS. This issue affects Blocksy: from n/a through <= 2.1.6. |
Crmperks · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7384 | Critical | 9.8 | — | 2025-08-13 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. |
Cytel Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10015 | — | — | — | 2025-08-13 | Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. |
Damian Góra · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47444 | Medium | 5.3 | — | 2025-08-12 | Missing Authorization vulnerability in Damian Góra FiboSearch ajax-search-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FiboSearch: from n/a through <= 1.32.1. |
Dariolee · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49052 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in Dariolee Netease Music netease-music allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Netease Music: from n/a through <= 3.2.1. |
Darylldoyle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55166 | — | — | — | 2025-08-12 | svg-sanitizer is a PHP SVG/XML sanitizer. |
Denoland · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55195 | High | 7.3 | — | 2025-08-14 | @std/toml is the Deno Standard Library. |
Devitems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54695 | Medium | 5.4 | — | 2025-08-14 | Missing Authorization vulnerability in DevItems HT Mega ht-mega-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HT Mega: from n/a through <= 2.9.0. |
Dj-extensions.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54474 | — | — | — | 2025-08-15 | A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. |
Dmitry V. (Ceo Of "Ukr Solution") · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54715 | Medium | 4.9 | — | 2025-08-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Dmitry V. |
Dogukanurker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53631 | Medium | 5.4 | — | 2025-08-14 | flaskBlog is a blog app built with Flask. |
Dolibarr Project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10059 | — | — | — | 2025-08-13 | Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. |
Dylan Kuhn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48293 | Critical | 9.8 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through <=… |
E-plugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54717 | Medium | 5.4 | — | 2025-08-14 | Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through <= 1.6.3. |
Ebernstein · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8688 | Medium | 6.4 | — | 2025-08-12 | The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplie… |
Elementor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8081 | Medium | 4.9 | — | 2025-08-12 | The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. |
Elinkcontent · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7507 | Medium | 6.4 | — | 2025-08-15 | The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. |
Emarket-design · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8314 | Medium | 6.4 | — | 2025-08-12 | The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'noaccess_msg' parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. |
Emilien · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8685 | Medium | 6.4 | — | 2025-08-12 | The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpchart shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supp… |
Epiphyt · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54693 | Critical | 9.0 | — | 2025-08-14 | Unrestricted Upload of File with Dangerous Type vulnerability in epiphyt Form Block form-block allows Upload a Web Shell to a Web Server. This issue affects Form Block: from n/a through <= 1.5.5. |
Ether · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40920 | High | 8.6 | — | 2025-08-11 | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. |
Evigeo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7662 | Medium | 6.5 | — | 2025-08-15 | The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficien… |
Expresstech Systems · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55708 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a thro… |
External-secrets · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55196 | — | — | — | 2025-08-13 | External Secrets Operator is a Kubernetes operator that integrates external secret management systems. |
Eyecix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52806 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch wp-jobsearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through < 3.0.8. |
Eyoucms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52335 | Medium | 6.1 | — | 2025-08-14 | EyouCMS 1.7.3 is vulnerable to Cross Site Scripting (XSS) in index.php, which can be exploited to obtain sensitive information. |
Fastly · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8671 | High | 7.5 | — | 2025-08-13 | A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (D… |
Federico Rota · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49037 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Federico Rota Authentication and xmlrpc log writer authentication-and-xmlrpc-log-writer allows Reflected XSS. This issue affects Authentic… |
File Manager · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-0818 | Medium | 6.5 | — | 2025-08-13 | Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. |
Flexostudio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52769 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in flexostudio flexo-social-gallery flexo-social-gallery allows Cross Site Request Forgery. This issue affects flexo-social-gallery: from n/a through <= 1.0006. |
Flowiseai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8943 | Critical | 9.8 | — | 2025-08-14 | The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. |
Foxit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32451 | High | 8.8 | — | 2025-08-13 | A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. |
Fwdesign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49432 | Medium | 5.3 | — | 2025-08-15 | Missing Authorization vulnerability in FWDesign Ultimate Video Player fwduvp allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Video Player: from n/a through <= 10.1. |
Gelbphoenix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55165 | High | 8.2 | — | 2025-08-12 | Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. |
Glboy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8342 | High | 8.1 | — | 2025-08-15 | The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8… |
Google · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8747 | High | 7.8 | — | 2025-08-11 | A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0 through 3.10.0 allows an attacker to achieve arbitrary code execution by convincing a user to load a specially crafted `.keras` model archive. |
Gopiplus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49897 | High | 8.8 | — | 2025-08-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. |
Gravitywp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49271 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion. This issue affects GravityWP - M… |
H3c · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8907 | High | 7.0 | — | 2025-08-13 | A vulnerability was found in H3C M2 NAS V100R006. |
Hakeemnala · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53249 | Medium | 6.5 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through <= 1.0.23. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8959 | High | 7.5 | — | 2025-08-15 | HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. |
Hassantafreshi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54678 | Critical | 9.3 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection. This issue affects Easy Form Builder: from n/a through <= 3… |
Helmetjs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55164 | — | — | — | 2025-08-12 | content-security-policy-parser parses content security policy directives. |
Highwarden · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52720 | Critical | 9.3 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection. This issue affects Super Store Finder: from n/a through <= 7.5. |
Hp Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-5477 | — | — | — | 2025-08-13 | A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that re… |
Hp, Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-43490 | — | — | — | 2025-08-15 | A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. |
Hyland Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-34153 | — | — | — | 2025-08-13 | Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. |
I3geek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49063 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in i3geek BaiduXZH Submit(百度熊掌号) i3geek-baiduxzh allows Reflected XSS. This issue affects BaiduXZH Submit(百度熊掌号): from n/a through <= 1.4.6. |
Imithemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39483 | Medium | 6.5 | — | 2025-08-14 | Improper Control of Generation of Code ('Code Injection') vulnerability in imithemes Eventer eventer allows Code Injection. This issue affects Eventer: from n/a through < 3.9.9.1. |
Infosoftplugin · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52820 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection. This issue affects WooCommerce Point Of Sale (PO… |
Inpersttion · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8905 | Medium | 6.3 | — | 2025-08-15 | The Inpersttion For Theme plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0 via the theme_section_shortcode() function. |
Inspectlet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49048 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-recording allows Stored XSS. This issue a… |
Iqonicdesign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8867 | Medium | 6.4 | — | 2025-08-15 | The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. |
Jason-lau · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7688 | Medium | 6.1 | — | 2025-08-15 | The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. |
Jcg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8834 | Low | 2.4 | — | 2025-08-11 | A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. |
Jeecg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8963 | Medium | 6.3 | — | 2025-08-14 | A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. |
Johnh10 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47689 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in johnh10 Video Blogster Lite video-blogster-lite allows Reflected XSS. This issue affects Video Blogster Lite: from n/a through <= 1.2. |
Joomsky.com · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54475 | — | — | — | 2025-08-15 | A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands. |
Jordy Meow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54672 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Jordy Meow Photo Engine wplr-sync allows Cross Site Request Forgery. This issue affects Photo Engine: from n/a through <= 6.4.3. |
Josepsitjar · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52797 | High | 8.2 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection. This issue affects StoryMap: from n/a through <= 2.1. |
Jurajnyiri · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55192 | — | — | — | 2025-08-14 | HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. |
Kadesthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49053 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kadesthemes WP Airdrop Manager airdrop allows Stored XSS. This issue affects WP Airdrop Manager: from n/a through <= 1.0.5. |
Kamleshyadav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-31425 | High | 7.5 | — | 2025-08-14 | Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages leadcapture allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through < 2.6. |
Keeross · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49047 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in keeross DigitalOcean Spaces Sync do-spaces-sync allows Stored XSS. This issue affects DigitalOcean Spaces Sync: from n/a through <= 2.2.1. |
Keywordrush · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47536 | High | 7.2 | — | 2025-08-14 | Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection. This issue affects Content Egg: from n/a through <= 7.0.0. |
Ko Min · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49057 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ko Min WP Voting wp-voting allows Reflected XSS. This issue affects WP Voting: from n/a through <= 1.8. |
Kodeshpa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53241 | Medium | 5.5 | — | 2025-08-14 | Server-Side Request Forgery (SSRF) vulnerability in kodeshpa Simplified simplified allows Server Side Request Forgery. This issue affects Simplified: from n/a through <= 1.0.11. |
Laborator · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53347 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through <= 3.18.3. |
Lambertgroup · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-30626 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder lbg_vp_youtube_vimeo_addon_visual_composer allows Reflected XSS. T… |
Lattice Semiconductor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10057 | — | — | — | 2025-08-13 | Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. |
Lcweb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52721 | Medium | 6.5 | — | 2025-08-14 | Missing Authorization vulnerability in LCweb Global Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. |
Lemonos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9001 | Medium | 5.3 | — | 2025-08-15 | A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. |
Litonice13 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8874 | Medium | 6.4 | — | 2025-08-12 | The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 2.0.8… |
Made I.t. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-24775 | Critical | 9.9 | — | 2025-08-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. |
Magepeopleteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54705 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in magepeopleteam WpEvently mage-eventpress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through <= 4.4.6. |
Makeplane · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55203 | Medium | 5.4 | — | 2025-08-15 | Plane is open-source project management software. |
Masacms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-32640 | Critical | 9.8 | — | 2025-08-11 | MASA CMS is an Enterprise Content Management platform based on open source technology. |
Masteriyo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54699 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through <= 1.18.3. |
Metagauss · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49033 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection. This issue affects ProfileGrid: from… |
Michael Nelson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54740 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS. This issue affects Print My Blog: from n/a through <= 3.27.9. |
Mklacroix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54674 | Medium | 5.4 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a thro… |
Morehawes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8720 | Medium | 6.4 | — | 2025-08-15 | The Plugin README Parser plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘target’ parameter in all versions up to, and including, 1.3.15 due to insufficient input sanitization and output escaping. |
Moshensky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-50040 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moshensky CF7 Spreadsheets cf7-spreadsheets allows Stored XSS. This issue affects CF7 Spreadsheets: from n/a through <= 2.3.2. |
Motov.net · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54702 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in motov.net Ebook Store ebook-store allows Cross Site Request Forgery. This issue affects Ebook Store: from n/a through <= 5.8013. |
Mrdenny · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49054 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mrdenny Time Sheets time-sheets allows Reflected XSS. This issue affects Time Sheets: from n/a through <= 2.1.3. |
Msoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9060 | Critical | 9.1 | — | 2025-08-15 | A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. |
Mybb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10018 | Critical | 9.8 | — | 2025-08-13 | myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. |
Nasa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54878 | High | 8.6 | — | 2025-08-11 | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. |
Netop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10012 | — | — | — | 2025-08-13 | NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. |
Netty · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55163 | High | 7.5 | — | 2025-08-13 | Netty is an asynchronous, event-driven network application framework. |
Nikelschubert · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8491 | Medium | 4.3 | — | 2025-08-13 | The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. |
Nimeshrmr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-4390 | Medium | 5.3 | — | 2025-08-12 | The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'validate_restrictions' function. |
Noor Alam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54706 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display magical-posts-display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through <=… |
Nordicmade · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54736 | Medium | 5.3 | — | 2025-08-14 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NordicMade Savoy savoy allows Retrieve Embedded Sensitive Data. This issue affects Savoy: from n/a through <= 3.0.8. |
Oceanwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8891 | Medium | 4.3 | — | 2025-08-13 | The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. |
Octagonwebstudio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49036 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion. This… |
Odn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8621 | Medium | 6.4 | — | 2025-08-12 | The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. |
Ome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54791 | Medium | 5.3 | — | 2025-08-13 | OMERO.web provides a web based client and plugin infrastructure. |
Openfiler · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10040 | — | — | — | 2025-08-11 | Openfiler v2.x contains a command injection vulnerability in the system.html page. |
Oppo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-27388 | — | — | — | 2025-08-14 | Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. |
Ovatheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52823 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection. This issue affects Cube Portfolio: from n/a through <= 1.16.8. |
Pareto Digital · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54730 | Medium | 5.3 | — | 2025-08-14 | Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews embedder-for-google-reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through… |
Part-db · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55194 | Medium | 5.7 | — | 2025-08-13 | Part-DB is an open source inventory management system for electronic components. |
Passwordprotectwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5998 | Medium | 6.5 | — | 2025-08-14 | The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API. |
Perteus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49061 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in perteus Porn Videos Embed porn-videos-embed allows Stored XSS. This issue affects Porn Videos Embed: from n/a through <= 0.9.1. |
Phoca.cz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54473 | — | — | — | 2025-08-15 | An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. |
Phoenix Contact · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-41686 | High | 7.8 | — | 2025-08-12 | A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access. |
Php Volunteer Management · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10056 | — | — | — | 2025-08-13 | PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. |
Phptax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10037 | — | — | — | 2025-08-11 | PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. |
Pl4g4 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53219 | Medium | 5.4 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in pl4g4 WP-Database-Optimizer-Tools wp-database-optimizer-tools allows Cross Site Request Forgery. This issue affects WP-Database-Optimizer-Tools: from n/a through <= 0.2. |
Prabode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8568 | Medium | 6.4 | — | 2025-08-12 | The GMap Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘h’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. |
Pressforward · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28987 | Medium | 6.4 | — | 2025-08-14 | Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through <= 5.9.5. |
Primersoftware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53575 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS. This issue affects Primer MyData for Woocommerce: from n/… |
Princeahmed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54703 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in princeahmed Integrate Google Drive integrate-google-drive allows Cross Site Request Forgery. This issue affects Integrate Google Drive: from n/a through <= 1.5.2. |
Publishpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-48332 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion. This issue affects Gutenberg Blocks… |
Px4 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9020 | Medium | 4.5 | — | 2025-08-15 | A vulnerability was found in PX4 PX4-Autopilot up to 1.15.4. |
Py-pdf · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55197 | High | 7.5 | — | 2025-08-13 | pypdf is a free and open-source pure-python PDF library. |
Pyload · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55156 | — | — | — | 2025-08-11 | pyLoad is the free and open-source Download Manager written in pure Python. |
Quicksharehq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10010 | — | — | — | 2025-08-13 | QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. |
Quttera · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8013 | Low | 3.8 | — | 2025-08-15 | The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. |
Rabidhamster · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10058 | — | — | — | 2025-08-13 | RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. |
Radiustheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54698 | Medium | 5.4 | — | 2025-08-14 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection. This issue affects Classified Listing: from n/a through <= 5.0.0. |
Railmedia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6025 | High | 7.5 | — | 2025-08-15 | The Order Tip for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Improper Input Validation in all versions up to, and including, 1.5.4. |
Rails · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55193 | — | — | — | 2025-08-13 | Active Record connects classes to relational database tables. |
Realnetworks Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10016 | — | — | — | 2025-08-13 | Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. |
Redqteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28975 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison… |
Rico Macchi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-30998 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection. This issue affects WP Links Page: from n/a through <= 4.9.6. |
Risetheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8462 | Medium | 6.4 | — | 2025-08-12 | The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social URL parameter in all versions up to, and including, 2.3 due to insufficient input sanitization and output… |
Risk Yazılım Teknolojileri Ltd. Şti. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-1929 | High | 7.2 | — | 2025-08-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Risk Yazılım Teknolojileri Ltd. |
Romancode · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54669 | Critical | 9.3 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection. This issue affects MapSVG: from n/a through < 8.7.4. |
Ronik@unlimitedwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52775 | High | 7.1 | — | 2025-08-14 | Missing Authorization vulnerability in Ronik@UnlimitedWP Project Cost Calculator project-cost-calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Project Cost Calculator: from n/a through <… |
Ruoyi · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8847 | Low | 3.5 | — | 2025-08-11 | A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. |
Russell Jamieson · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52788 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix captionpix allows Reflected XSS. This issue affects CaptionPix: from n/a through <= 1.8. |
S40 Cms · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10009 | — | — | — | 2025-08-13 | S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. |
Sa-mp Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10014 | — | — | — | 2025-08-13 | GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. |
Sap · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-42936 | Medium | 5.4 | — | 2025-08-12 | The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, le… |
Scriptsbundle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54686 | Critical | 9.8 | — | 2025-08-14 | Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2. |
Seagate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9043 | — | — | — | 2025-08-14 | The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. |
Servicenow · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3089 | — | — | — | 2025-08-12 | ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. |
Setriosoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7650 | High | 7.5 | — | 2025-08-15 | The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.53 via the 'bizcalv' shortcode. |
Shabti Kaplan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49267 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection. This issue affects Frontend Admin by Dyna… |
Shahjada · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54732 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in Shahjada WPDM – Premium Packages wpdm-premium-packages allows Cross Site Request Forgery. This issue affects WPDM – Premium Packages: from n/a through <= 6.0.2. |
Shen2 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49056 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shen2 多说社会化评论框 duoshuo allows Reflected XSS. This issue affects 多说社会化评论框: from n/a through <= 1.2. |
Soflyy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49038 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Dynamic Links wp-dynamic-links allows Reflected XSS. This issue affects WP Dynamic Links: from n/a through <= 1.0.1. |
Softnwords · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52785 | High | 7.1 | — | 2025-08-14 | Missing Authorization vulnerability in softnwords SMM API smm-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMM API: from n/a through <= 6.0.31. |
Solarwinds · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-26398 | Medium | 5.6 | — | 2025-08-12 | SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. |
Sound Strategies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49058 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sound Strategies SoundSt SEO Search soundst-seo-search allows Reflected XSS. This issue affects SoundSt SEO Search: from n/a through <= 1… |
Sparklewpthemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54680 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Blogger Buzz blogger-buzz allows Stored XSS. This issue affects Blogger Buzz: from n/a through <= 1.2.6. |
Spreecommerce · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10019 | Critical | 9.8 | — | 2025-08-13 | Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in the search functionality. |
Stefanoai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28962 | Medium | 6.5 | — | 2025-08-14 | Missing Authorization vulnerability in stefanoai Advanced Google Universal Analytics advanced-google-universal-analytics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Google Universal A… |
Stellarwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54697 | High | 7.2 | — | 2025-08-14 | Incorrect Privilege Assignment vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Privilege Escalation. This issue affects Kadence WooCommerce Email Designer: from n/a through <= 1.5.16. |
Steve Burge · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55710 | Medium | 4.3 | — | 2025-08-14 | Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress simple-tags allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through <= 3.37.2. |
Stmcan · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32288 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows PHP Local File Inclusion. This issue affects RT-Theme 18 \| Exten… |
Stylemix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54691 | Medium | 5.3 | — | 2025-08-14 | Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through… |
Surbowl · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9002 | High | 7.3 | — | 2025-08-15 | A vulnerability was identified in Surbowl dormitory-management-php 1.0. |
Syedamirhussain91 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-50031 | Medium | 6.5 | — | 2025-08-14 | Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DB Backup: from n/a through <= 6.0. |
Symmetrix Technologies · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10017 | — | — | — | 2025-08-13 | Snort Report versions < 1.3.2 contain a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. |
Synergetic Data Systems Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-34154 | — | — | — | 2025-08-13 | UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. |
Sysax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10060 | Critical | 9.8 | — | 2025-08-13 | Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. |
Techlabpro1 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-5844 | Medium | 6.4 | — | 2025-08-15 | The Radius Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subHeadingTagName’ parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. |
Telstra · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54992 | — | — | — | 2025-08-11 | OpenKilda is an open-source OpenFlow controller. |
Thanhd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49433 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThanhD Supermalink supermalink allows DOM-Based XSS. This issue affects Supermalink: from n/a through <= 1.1. |
Thembay · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54689 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.7. |
Themestek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54690 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through <= 4.2. |
Themeum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6184 | High | 8.8 | — | 2025-08-13 | The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in all versions up to, and including, 3.7.0… |
Themovation · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53341 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in Themovation App, SaaS & Software Startup Tech Theme - Stratus stratusx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects App, SaaS & Software Startup Tech Them… |
Thimpress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-28979 | High | 8.1 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. |
Tianocore · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-38805 | Medium | 6.3 | — | 2025-08-12 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. |
Tokio-rs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55159 | — | — | — | 2025-08-11 | slab is a pre-allocated storage for a uniform data type. |
Tosend.it · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49044 | High | 7.1 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll simple-poll allows Stored XSS. This issue affects Simple Poll: from n/a through <= 1.1.1. |
Traq Project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10013 | — | — | — | 2025-08-13 | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. |
Uicore · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6253 | High | 7.5 | — | 2025-08-12 | The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.3.0 via the prepare_template() function due to a missing capability check and insu… |
Umbraco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10054 | Critical | 9.8 | — | 2025-08-13 | Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. |
Unity Business Technology Pty Ltd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52800 | High | 7.3 | — | 2025-08-14 | Missing Authorization vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. |
Valvepress · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-39510 | High | 8.5 | — | 2025-08-14 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a throu… |
Vcita · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54676 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Stored XSS. This issue affects Online… |
Veronalabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55716 | Medium | 4.3 | — | 2025-08-14 | Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through <= 14.15. |
Vertim · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54679 | High | 7.5 | — | 2025-08-14 | Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free neon-channel-product-customizer-free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customi… |
Villatheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-30993 | Medium | 6.5 | — | 2025-08-14 | Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thank You Page Customizer… |
Visual Composer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55709 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder visualcomposer allows Stored XSS. This issue affects Visual Composer Website Builder: from… |
Vonstroheim · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52801 | High | 7.3 | — | 2025-08-14 | Missing Authorization vulnerability in VonStroheim TheBooking thebooking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects TheBooking: from n/a through <= 1.4.4. |
Webba Appointment Booking · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54729 | Medium | 5.9 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webba Appointment Booking Webba Booking webba-booking-lite allows Stored XSS. This issue affects Webba Booking: from n/a through <= 6.0.5. |
Webcodingplace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52728 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion. This issue… |
Webid · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2011-10011 | — | — | — | 2025-08-13 | WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. |
Webilop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49064 | High | 7.1 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilop User Language Switch user-language-switch allows Reflected XSS. This issue affects User Language Switch: from n/a through <= 1.6.1… |
Wetail · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-47610 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wetail WooCommerce Fortnox Integration woocommerce-fortnox-integration allows Stored XSS. This issue affects WooCommerce Fortnox Integrati… |
Winterchens · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8838 | High | 7.3 | — | 2025-08-11 | A vulnerability has been found in WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8. |
Wipeoutmedia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-3703 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion. This issue affects CSS &… |
Withastro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55207 | — | — | — | 2025-08-15 | Astro is a web framework for content-driven websites. |
Wordlift · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53582 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordLift WordLift wordlift allows Stored XSS. This issue affects WordLift: from n/a through <= 3.54.5. |
Worstguy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49437 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in worstguy WP LOL Rotation league-of-legends-rotation allows Stored XSS. This issue affects WP LOL Rotation: from n/a through <= 1.0. |
Wp Swings · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54692 | High | 7.5 | — | 2025-08-14 | Missing Authorization vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through <= 2.9.0. |
Wp Table Builder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55711 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Stored XSS. This issue affects WP Table Builder: from n/a through <= 2.0.12. |
Wpbakery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54747 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbakery Templatera templatera allows DOM-Based XSS. This issue affects Templatera: from n/a through <= 2.3.0. |
Wpbits · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-37945 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addons For Elementor Page Builder wpbits-addons-for-elementor allows Stored XSS. This issue affects WPBITS Addons For Elemen… |
Wpdevteam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8451 | Medium | 6.4 | — | 2025-08-15 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due t… |
Wpestate · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-53330 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate WP Rentals wprentals allows Stored XSS. This issue affects WP Rentals: from n/a through <= 3.16.1. |
Wpfactory · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49887 | Critical | 9.9 | — | 2025-08-14 | Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion. This issue affects Product XML Feed Manager for Wo… |
Wpfunnels · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54696 | Medium | 6.5 | — | 2025-08-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels WPFunnels wpfunnels allows Stored XSS. This issue affects WPFunnels: from n/a through <= 3.5.26. |
Wproyal · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-24766 | High | 7.5 | — | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion. This issue affects News Magazine X: from n/a t… |
Wptb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8604 | Medium | 6.4 | — | 2025-08-15 | The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output… |
Wulkano · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7961 | — | — | — | 2025-08-15 | Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0. |
Xolluteon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-49898 | High | 7.6 | — | 2025-08-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS. This issue affects Dropshix: from n/a through 4.0.14. |
Yithemes · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54675 | Medium | 4.3 | — | 2025-08-14 | Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery. This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0. |
Youki-dev · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54867 | High | 7.0 | — | 2025-08-14 | Youki is a container runtime written in Rust. |
Zed-industries · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55012 | — | — | — | 2025-08-11 | Zed is a multiplayer code editor. |
Zen Load Balancer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2012-10039 | — | — | — | 2025-08-11 | ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. |
Zlt2000 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8841 | Medium | 6.3 | — | 2025-08-11 | A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. |
Zte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-26709 | Medium | 5.7 | — | 2025-08-15 | There is an unauthorized access vulnerability in ZTE F50. |