CVE-2025-54253 |
6.0 |
Adobe |
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. |
2025-08-13T18:56:02.910 |
https://cve.circl.lu/cve/CVE-2025-54253 |
CVE-2025-54254 |
4.0 |
Adobe |
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction. |
2025-08-13T18:54:27.140 |
https://cve.circl.lu/cve/CVE-2025-54254 |
CVE-2025-49554 |
3.6 |
Adobe |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. |
2025-08-15T15:37:34.777 |
https://cve.circl.lu/cve/CVE-2025-49554 |
CVE-2025-49555 |
5.8 |
Adobe |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed. |
2025-08-15T15:39:48.550 |
https://cve.circl.lu/cve/CVE-2025-49555 |
CVE-2025-49556 |
3.6 |
Adobe |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged. |
2025-08-15T15:39:58.133 |
https://cve.circl.lu/cve/CVE-2025-49556 |
CVE-2025-8904 |
N/A |
Amazon |
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-8904 |
CVE-2025-9039 |
1.4 |
Amazon |
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. If customers cannot update to the latest AMI, they can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678). |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-9039 |
CVE-2025-54090 |
3.4 |
Apache |
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the issue. |
2025-08-14T00:47:43.510 |
https://cve.circl.lu/cve/CVE-2025-54090 |
CVE-2025-48913 |
5.9 |
Apache |
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. |
2025-08-14T19:46:03.753 |
https://cve.circl.lu/cve/CVE-2025-48913 |
CVE-2025-48989 |
3.6 |
Apache |
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108, which fix the issue. |
2025-08-18T18:34:04.980 |
https://cve.circl.lu/cve/CVE-2025-48989 |
CVE-2025-55668 |
3.6 |
Apache |
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. |
2025-08-18T18:44:38.637 |
https://cve.circl.lu/cve/CVE-2025-55668 |
CVE-2025-54472 |
3.6 |
Apache |
Unlimited memory allocation in the Redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via the network. Root cause: in the bRPC Redis protocol parser code, memory for arrays or strings of the corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this behaviour by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limiting the memory allocation size; however, the limit-checking code is not well implemented and may suffer an integer overflow that evades the limit. So the 1.14.0 version is also vulnerable, although the integer range that affects version 1.14.0 is different from that affecting versions < 1.14.0. Affected scenarios: using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to fix: we provide two methods; you can choose either of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. Whichever method you choose, note that the patch limits the maximum length of memory allocated each time in the bRPC Redis parser. The default limit is 64M. If some of your Redis requests or responses are larger than 64M, you might encounter errors after upgrading. In such a case, you can modify the gflag redis_max_allocation_size to set a larger limit. |
2025-08-18T18:35:46.417 |
https://cve.circl.lu/cve/CVE-2025-54472 |
CVE-2021-35567 |
4.0 |
Apple |
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). |
2025-08-15T20:23:58.377 |
https://cve.circl.lu/cve/CVE-2021-35567 |
CVE-2025-43201 |
3.6 |
Apple |
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-43201 |
CVE-2025-38542 |
N/A |
Apple |
In the Linux kernel, the following vulnerability has been resolved: net: appletalk: Fix device refcount leak in atrtr_create(). When updating an existing route entry in atrtr_create(), the old device reference was not being released before assigning the new device, leading to a device refcount leak. Fix this by calling dev_put() to release the old device reference before holding the new one. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-38542 |
CVE-2025-38557 |
N/A |
Apple |
In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent to the device in apple_magic_backlight_report_set(). The power feature-report is expected to have two data fields, but if the descriptor declares one field then accessing field[1] and dereferencing it in apple_magic_backlight_report_set() becomes invalid since field[1] will be NULL. An example of a minimal descriptor which can cause the crash is something like the following, where the report with ID 3 (power report) only references a single 1-byte field. When hid core parses the descriptor it will encounter the final feature tag, allocate a hid_report (all members of field[] will be zeroed out), create a field structure and populate it, increasing the maxfield to 1. The subsequent field[1] access and dereference causes the crash.
Usage Page (Vendor Defined 0xFF00)
Usage (0x0F)
Collection (Application)
  Report ID (1)
  Usage (0x01)
  Logical Minimum (0)
  Logical Maximum (255)
  Report Size (8)
  Report Count (1)
  Feature (Data,Var,Abs)
  Usage (0x02)
  Logical Maximum (32767)
  Report Size (16)
  Report Count (1)
  Feature (Data,Var,Abs)
  Report ID (3)
  Usage (0x03)
  Logical Minimum (0)
  Logical Maximum (1)
  Report Size (8)
  Report Count (1)
  Feature (Data,Var,Abs)
End Collection
Here we see the KASAN splat when the kernel dereferences the NULL pointer and crashes:
[ 15.164723] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] SMP KASAN NOPTI
[ 15.165691] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 15.165691] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.15.0 #31 PREEMPT(voluntary)
[ 15.165691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 15.165691] RIP: 0010:apple_magic_backlight_report_set+0xbf/0x210
[ 15.165691] Call Trace:
[ 15.165691] <TASK>
[ 15.165691] apple_probe+0x571/0xa20
[ 15.165691] hid_device_probe+0x2e2/0x6f0
[ 15.165691] really_probe+0x1ca/0x5c0
[ 15.165691] __driver_probe_device+0x24f/0x310
[ 15.165691] driver_probe_device+0x4a/0xd0
[ 15.165691] __device_attach_driver+0x169/0x220
[ 15.165691] bus_for_each_drv+0x118/0x1b0
[ 15.165691] __device_attach+0x1d5/0x380
[ 15.165691] device_initial_probe+0x12/0x20
[ 15.165691] bus_probe_device+0x13d/0x180
[ 15.165691] device_add+0xd87/0x1510
[...]
To fix this issue we should validate the number of fields that the backlight and power reports have and if they do not have the required number of fields then bail. |
2025-08-19T17:15:31.960 |
https://cve.circl.lu/cve/CVE-2025-38557 |
CVE-2025-47158 |
6.0 |
Azure |
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
2025-08-14T17:21:14.360 |
https://cve.circl.lu/cve/CVE-2025-47158 |
CVE-2025-47995 |
3.6 |
Azure |
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
2025-08-14T17:22:41.180 |
https://cve.circl.lu/cve/CVE-2025-47995 |
CVE-2025-49746 |
6.0 |
Azure |
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
2025-08-14T17:23:37.280 |
https://cve.circl.lu/cve/CVE-2025-49746 |
CVE-2025-49747 |
6.0 |
Azure |
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
2025-08-14T17:24:01.320 |
https://cve.circl.lu/cve/CVE-2025-49747 |
CVE-2025-53767 |
5.8 |
Azure |
Azure OpenAI Elevation of Privilege Vulnerability |
2025-08-14T17:32:03.190 |
https://cve.circl.lu/cve/CVE-2025-53767 |
CVE-2025-21915 |
5.9 |
Atom |
In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show(). Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c. This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. |
2025-08-19T14:40:04.700 |
https://cve.circl.lu/cve/CVE-2025-21915 |
CVE-2025-38335 |
N/A |
Atom |
In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT. When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs in hard irq context, but the input_event() takes a spin_lock, which isn't allowed there as it is converted to a rt_spin_lock().
[ 4054.289999] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 4054.290028] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/0
...
[ 4054.290195] __might_resched+0x13c/0x1f4
[ 4054.290209] rt_spin_lock+0x54/0x11c
[ 4054.290219] input_event+0x48/0x80
[ 4054.290230] gpio_keys_irq_timer+0x4c/0x78
[ 4054.290243] __hrtimer_run_queues+0x1a4/0x438
[ 4054.290257] hrtimer_interrupt+0xe4/0x240
[ 4054.290269] arch_timer_handler_phys+0x2c/0x44
[ 4054.290283] handle_percpu_devid_irq+0x8c/0x14c
[ 4054.290297] handle_irq_desc+0x40/0x58
[ 4054.290307] generic_handle_domain_irq+0x1c/0x28
[ 4054.290316] gic_handle_irq+0x44/0xcc
Considering the gpio_keys_irq_isr() can run in any context, e.g. it can be threaded, it seems there's no point in requesting the timer isr to run in hard irq context. Relax the hrtimer not to use the hard context. |
2025-08-15T16:15:29.300 |
https://cve.circl.lu/cve/CVE-2025-38335 |
CVE-2025-38349 |
N/A |
Atom |
In the Linux kernel, the following vulnerability has been resolved: eventpoll: don't decrement ep refcount while still holding the ep mutex. Jann Horn points out that epoll is decrementing the ep refcount and then doing a mutex_unlock(&ep->mtx); afterwards. That's very wrong, because it can lead to a use-after-free. That pattern is actually fine for the very last reference, because the code in question will delay the actual call to "ep_free(ep)" until after it has unlocked the mutex. But it's wrong for the much subtler "next to last" case when somebody *else* may also be dropping their reference and free the ep while we're still using the mutex. Note that this is true even if that other user is also using the same ep mutex: mutexes, unlike spinlocks, can not be used for object ownership, even if they guarantee mutual exclusion. A mutex "unlock" operation is not atomic, and as one user is still accessing the mutex as part of unlocking it, another user can come in and get the now released mutex and free the data structure while the first user is still cleaning up. See our mutex documentation in Documentation/locking/mutex-design.rst, in particular the section [1] about semantics:
	"mutex_unlock() may access the mutex structure even after it has
	 internally released the lock already - so it's not safe for
	 another context to acquire the mutex and assume that the
	 mutex_unlock() context is not using the structure anymore"
So if we drop our ep ref before the mutex unlock, but we weren't the last one, we may then unlock the mutex, another user comes in, drops _their_ reference and releases the 'ep' as it now has no users - all while the mutex_unlock() is still accessing it. Fix this by simply moving the ep refcount dropping to outside the mutex: the refcount itself is atomic, and doesn't need mutex protection (that's the whole _point_ of refcounts: unlike mutexes, they are inherently about object lifetimes). |
2025-08-19T06:15:32.513 |
https://cve.circl.lu/cve/CVE-2025-38349 |
CVE-2025-38510 |
N/A |
Atom |
In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area() to prevent possible deadlock. find_vm_area() couldn't be called in atomic context. If find_vm_area() is called to report vm area information, kasan can trigger a deadlock like:
CPU0                                   CPU1
vmalloc();
 alloc_vmap_area();
  spin_lock(&vn->busy.lock)
                                       spin_lock_bh(&some_lock);
  <interrupt occurs>
  <in softirq>
  spin_lock(&some_lock);
                                       <access invalid address>
                                       kasan_report();
                                       print_report();
                                       print_address_description();
                                       kasan_find_vm_area();
                                       find_vm_area();
                                       spin_lock(&vn->busy.lock) // deadlock!
To prevent a possible deadlock while kasan reports, remove kasan_find_vm_area(). |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-38510 |
CVE-2025-38585 |
N/A |
Atom |
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int(). When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow:
1. gmin_get_config_var() does not return the proper error code when efi.get_variable() fails. It returns the stale 'ret' value from earlier operations instead of indicating the EFI failure.
2. When efi.get_variable() returns EFI_BUFFER_TOO_SMALL, it updates *out_len to the required buffer size but writes no data to the output buffer. However, due to bug #1, gmin_get_var_int() believes the call succeeded.
The caller gmin_get_var_int() then performs:
- Allocates val[CFG_VAR_NAME_MAX + 1] (65 bytes) on stack
- Calls gmin_get_config_var(dev, is_gmin, var, val, &len) with len=64
- If EFI variable is >64 bytes, efi.get_variable() sets len=required_size
- Due to bug #1, thinks call succeeded with len=required_size
- Executes val[len] = 0, writing past end of 65-byte stack buffer
This creates a stack buffer overflow when EFI variables are larger than 64 bytes. Since EFI variables can be controlled by firmware or system configuration, this could potentially be exploited for code execution. Fix the bug by returning proper error codes from gmin_get_config_var() based on EFI status instead of the stale 'ret' value. The gmin_get_var_int() function is called during device initialization for camera sensor configuration on Intel Bay Trail and Cherry Trail platforms using the atomisp camera stack. |
2025-08-19T17:15:35.877 |
https://cve.circl.lu/cve/CVE-2025-38585 |
CVE-2024-12754 |
3.6 |
AnyDesk |
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940. |
2025-08-14T18:46:10.360 |
https://cve.circl.lu/cve/CVE-2024-12754 |
CVE-2025-38573 |
N/A |
AMP |
In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array. The software node does not specify a count of property entries, so the array must be null-terminated. When unterminated, this can lead to a fault in the downstream cs35l56 amplifier driver, because the node parse walks off the end of the array into unknown memory. |
2025-08-19T17:15:34.283 |
https://cve.circl.lu/cve/CVE-2025-38573 |
CVE-2024-4403 |
5.9 |
CSRF |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function. |
2025-08-15T20:39:51.013 |
https://cve.circl.lu/cve/CVE-2024-4403 |
CVE-2025-6790 |
1.4 |
CSRF |
The Quiz and Survey Master (QSM) WordPress plugin before 10.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. |
2025-08-14T15:15:41.867 |
https://cve.circl.lu/cve/CVE-2025-6790 |
CVE-2025-55203 |
2.7 |
CSRF |
Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and later executed in other users’ browsers. The description_html field is not properly sanitized or escaped. An attacker can submit crafted JavaScript payloads that are saved in the application’s database. When another user views the affected content, the injected code executes in their browser, running in the application’s context and bypassing standard security protections. Successful exploitation can lead to session hijacking, theft of sensitive information, or forced redirection to malicious sites. The vulnerability can also be chained with CSRF attacks to perform unauthorized actions, or leveraged to distribute malware and exploit additional browser vulnerabilities. This issue has been patched in version 0.28.0. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-55203 |
CVE-2024-8393 |
5.9 |
CSRF |
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Please note that this can also be exploited via CSRF techniques. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2024-8393 |
CVE-2025-43745 |
N/A |
CSRF |
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to perform cross-origin requests on behalf of the authenticated user via the endpoint parameter. |
2025-08-19T19:15:35.490 |
https://cve.circl.lu/cve/CVE-2025-43745 |
CVE-2024-20344 |
1.4 |
Cisco |
A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality. |
2025-08-13T17:18:26.847 |
https://cve.circl.lu/cve/CVE-2024-20344 |
CVE-2024-20354 |
1.4 |
Cisco |
A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point (AP) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping certain malformed frames. An attacker could exploit this vulnerability by connecting as a wireless client to an affected AP and sending specific malformed frames over the wireless connection. A successful exploit could allow the attacker to cause degradation of service to other clients, which could potentially lead to a complete DoS condition. |
2025-08-13T17:18:10.143 |
https://cve.circl.lu/cve/CVE-2024-20354 |
CVE-2024-20495 |
4.0 |
Cisco |
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. |
2025-08-15T16:40:50.227 |
https://cve.circl.lu/cve/CVE-2024-20495 |
CVE-2025-20180 |
2.7 |
Cisco |
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator. |
2025-08-15T20:36:40.760 |
https://cve.circl.lu/cve/CVE-2025-20180 |
CVE-2025-20210 |
3.4 |
Cisco |
A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration settings. This vulnerability is due to the lack of authentication in an API endpoint. An attacker could exploit this vulnerability by sending a request to the affected API of a Catalyst Center device. A successful exploit could allow the attacker to view or modify the outgoing proxy configuration, which could disrupt internet traffic from Cisco Catalyst Center or may allow the attacker to intercept outbound internet traffic. |
2025-08-13T19:05:32.047 |
https://cve.circl.lu/cve/CVE-2025-20210 |
CVE-2024-22347 |
3.6 |
Cryptograph |
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
2025-08-14T01:21:30.420 |
https://cve.circl.lu/cve/CVE-2024-22347 |
CVE-2024-38320 |
3.6 |
Cryptograph |
IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
2025-08-18T18:05:36.460 |
https://cve.circl.lu/cve/CVE-2024-38320 |
CVE-2024-27256 |
3.6 |
Cryptograph |
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
2025-08-18T18:17:32.523 |
https://cve.circl.lu/cve/CVE-2024-27256 |
CVE-2024-31896 |
3.6 |
Cryptograph |
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
2025-08-18T19:49:58.617 |
https://cve.circl.lu/cve/CVE-2024-31896 |
CVE-2024-45556 |
4.0 |
Cryptograph |
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. |
2025-08-19T17:26:31.170 |
https://cve.circl.lu/cve/CVE-2024-45556 |
CVE-2025-6206 |
5.9 |
ChatGPT |
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary. |
2025-08-13T13:39:01.753 |
https://cve.circl.lu/cve/CVE-2025-6206 |
CVE-2025-8908 |
3.4 |
CRM |
A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.6.5 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+." |
2025-08-13T20:15:34.390 |
https://cve.circl.lu/cve/CVE-2025-8908 |
CVE-2025-54681 |
1.4 |
CRM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-54681 |
CVE-2025-54682 |
2.5 |
CRM |
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-54682 |
CVE-2025-54684 |
3.7 |
CRM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks Integration for Contact Form 7 and Constant Contact allows Stored XSS. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through 1.1.7. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-54684 |
CVE-2025-7654 |
5.9 |
CRM |
Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make privilege escalation possible. Please note both FunnelKit – Funnel Builder for WooCommerce Checkout AND FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce are affected by this. |
2025-08-19T13:42:47.510 |
https://cve.circl.lu/cve/CVE-2025-7654 |
CVE-2025-8949 |
5.9 |
D-Link |
A vulnerability was identified in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2025-08-18T14:53:22.843 |
https://cve.circl.lu/cve/CVE-2025-8949 |
CVE-2025-8956 |
3.4 |
D-Link |
A vulnerability was found in D-Link DIR-818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
2025-08-18T15:13:14.287 |
https://cve.circl.lu/cve/CVE-2025-8956 |
CVE-2025-8978 |
5.9 |
D-Link |
A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-8978 |
CVE-2025-9003 |
1.4 |
D-Link |
A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-9003 |
CVE-2025-9026 |
3.4 |
D-Link |
A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2025-08-18T15:10:41.840 |
https://cve.circl.lu/cve/CVE-2025-9026 |
CVE-2024-38325 |
3.6 |
Defender |
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. |
2025-08-14T19:10:41.307 |
https://cve.circl.lu/cve/CVE-2024-38325 |
CVE-2024-22314 |
3.6 |
Defender |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
2025-08-19T16:39:38.723 |
https://cve.circl.lu/cve/CVE-2024-22314 |
CVE-2025-21104 |
1.4 |
Dell |
Dell NetWorker, versions prior to 19.12.0.1 and versions prior to 19.11.0.4, contain(s) an Open Redirect Vulnerability in NMC. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. |
2025-08-18T14:24:06.133 |
https://cve.circl.lu/cve/CVE-2025-21104 |
CVE-2025-29989 |
2.5 |
Dell |
Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to BIOS upgrade denial. |
2025-08-18T12:42:51.290 |
https://cve.circl.lu/cve/CVE-2025-29989 |
CVE-2025-29983 |
5.9 |
Dell |
Dell Trusted Device, versions prior to 7.0.3.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
2025-08-15T12:54:24.550 |
https://cve.circl.lu/cve/CVE-2025-29983 |
CVE-2025-29984 |
5.9 |
Dell |
Dell Trusted Device, versions prior to 7.0.3.0, contain an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
2025-08-15T13:06:53.703 |
https://cve.circl.lu/cve/CVE-2025-29984 |
CVE-2025-36582 |
2.5 |
Dell |
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
2025-08-14T20:53:15.713 |
https://cve.circl.lu/cve/CVE-2025-36582 |
CVE-2025-54411 |
N/A |
Discourse |
Discourse is an open-source discussion platform. The welcome banner user name string for logged-in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the preferred_display_name placeholder, or not impersonate any users for the time being. This vulnerability is fixed in 3.5.0.beta8. |
2025-08-19T17:15:40.833 |
https://cve.circl.lu/cve/CVE-2025-54411 |
CVE-2025-0163 |
1.4 |
Docker |
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. |
2025-08-13T14:31:41.243 |
https://cve.circl.lu/cve/CVE-2025-0163 |
CVE-2025-40766 |
3.6 |
Docker |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. |
2025-08-15T17:58:06.507 |
https://cve.circl.lu/cve/CVE-2025-40766 |
CVE-2025-40767 |
6.0 |
Docker |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources. |
2025-08-15T18:22:56.943 |
https://cve.circl.lu/cve/CVE-2025-40767 |
CVE-2025-55213 |
N/A |
Docker |
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.9.3 to v1.9.4 (openfga-0.2.40 <= Helm chart <= openfga-0.2.41, v1.9.3 <= docker <= v1.9.4) are vulnerable to improper policy enforcement when certain Check and ListObject calls are executed. This vulnerability is fixed in 1.9.5. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-55213 |
CVE-2025-55740 |
2.5 |
Docker |
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. The example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later. |
2025-08-19T20:15:35.467 |
https://cve.circl.lu/cve/CVE-2025-55740 |
CVE-2012-10059 |
N/A |
Dolibarr |
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code execution on the server. |
2025-08-14T15:15:31.170 |
https://cve.circl.lu/cve/CVE-2012-10059 |
CVE-2025-55014 |
1.4 |
Debian |
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. |
2025-08-13T17:15:28.400 |
https://cve.circl.lu/cve/CVE-2025-55014 |
CVE-2025-55163 |
N/A |
DDoS |
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-55163 |
CVE-2025-49745 |
2.5 |
Dynamics 365 |
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. |
2025-08-15T17:49:05.560 |
https://cve.circl.lu/cve/CVE-2025-49745 |
CVE-2025-53728 |
3.6 |
Dynamics 365 |
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
2025-08-15T17:49:56.110 |
https://cve.circl.lu/cve/CVE-2025-53728 |
CVE-2025-41242 |
3.6 |
Eclipse |
Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container; the Servlet container does not reject suspicious sequences (https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization); the application serves static resources (https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title) with Spring resource handling. We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-41242 |
CVE-2025-53735 |
5.9 |
Excel |
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
2025-08-15T17:15:00.470 |
https://cve.circl.lu/cve/CVE-2025-53735 |
CVE-2025-53737 |
5.9 |
Excel |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
2025-08-15T17:15:28.137 |
https://cve.circl.lu/cve/CVE-2025-53737 |
CVE-2025-53739 |
5.9 |
Excel |
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
2025-08-15T17:15:38.977 |
https://cve.circl.lu/cve/CVE-2025-53739 |
CVE-2025-53741 |
5.9 |
Excel |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
2025-08-15T17:16:26.827 |
https://cve.circl.lu/cve/CVE-2025-53741 |
CVE-2025-53759 |
5.9 |
Excel |
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
2025-08-15T17:16:38.060 |
https://cve.circl.lu/cve/CVE-2025-53759 |
CVE-2025-6704 |
5.9 |
Exchange |
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. |
2025-08-18T20:15:16.500 |
https://cve.circl.lu/cve/CVE-2025-6704 |
CVE-2025-8114 |
3.6 |
Exchange |
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. |
2025-08-14T00:45:36.510 |
https://cve.circl.lu/cve/CVE-2025-8114 |
CVE-2025-25005 |
3.6 |
Exchange |
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-25005 |
CVE-2025-25006 |
1.4 |
Exchange |
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-25006 |
CVE-2025-25007 |
1.4 |
Exchange |
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-25007 |
CVE-2017-3248 |
5.9 |
Exploit |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). |
2025-08-13T15:15:29.313 |
https://cve.circl.lu/cve/CVE-2017-3248 |
CVE-2018-7445 |
5.9 |
Exploit |
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable. |
2025-08-15T20:22:11.077 |
https://cve.circl.lu/cve/CVE-2018-7445 |
CVE-2020-3993 |
3.6 |
Exploit |
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. |
2025-08-13T12:52:10.387 |
https://cve.circl.lu/cve/CVE-2020-3993 |
CVE-2021-21981 |
5.9 |
Exploit |
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. |
2025-08-13T12:52:10.387 |
https://cve.circl.lu/cve/CVE-2021-21981 |
CVE-2021-35393 |
5.9 |
Exploit |
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device. |
2025-08-13T15:22:43.290 |
https://cve.circl.lu/cve/CVE-2021-35393 |
CVE-2024-1522 |
5.9 |
Endpoint |
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. |
2025-08-15T20:33:48.423 |
https://cve.circl.lu/cve/CVE-2024-1522 |
CVE-2024-1646 |
4.2 |
Endpoint |
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration. |
2025-08-15T20:33:28.890 |
https://cve.circl.lu/cve/CVE-2024-1646 |
CVE-2024-34949 |
4.2 |
Endpoint |
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint. |
2025-08-15T20:29:52.543 |
https://cve.circl.lu/cve/CVE-2024-34949 |
CVE-2024-4454 |
5.9 |
Endpoint |
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. |
2025-08-14T19:28:08.170 |
https://cve.circl.lu/cve/CVE-2024-4454 |
CVE-2024-37312 |
3.4 |
Endpoint |
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account, eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nextcloud 24) or 5.0.0 (Nextcloud 25-28). |
2025-08-14T19:18:22.133 |
https://cve.circl.lu/cve/CVE-2024-37312 |
CVE-2023-45584 |
5.9 |
Fortinet |
A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.13 and FortiPAM version 1.1.0 through 1.1.2 and before 1.0.3 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. |
2025-08-14T01:03:40.590 |
https://cve.circl.lu/cve/CVE-2023-45584 |
CVE-2024-26009 |
5.9 |
Fortinet |
An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number. |
2025-08-14T01:13:14.967 |
https://cve.circl.lu/cve/CVE-2024-26009 |
CVE-2024-40588 |
3.6 |
Fortinet |
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. |
2025-08-14T01:14:41.250 |
https://cve.circl.lu/cve/CVE-2024-40588 |
CVE-2024-52964 |
4.2 |
Fortinet |
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests. |
2025-08-14T01:15:15.337 |
https://cve.circl.lu/cve/CVE-2024-52964 |
CVE-2025-25256 |
5.9 |
Fortinet |
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. |
2025-08-15T18:15:27.583 |
https://cve.circl.lu/cve/CVE-2025-25256 |
CVE-2019-3924 |
3.6 |
Firewall |
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities. |
2025-08-15T20:21:44.360 |
https://cve.circl.lu/cve/CVE-2019-3924 |
CVE-2024-52304 |
3.6 |
Firewall |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue. |
2025-08-15T17:36:18.507 |
https://cve.circl.lu/cve/CVE-2024-52304 |
CVE-2025-2767 |
6.0 |
Firewall |
Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407. |
2025-08-14T14:40:30.180 |
https://cve.circl.lu/cve/CVE-2025-2767 |
CVE-2025-53643 |
3.6 |
Firewall |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. |
2025-08-14T20:40:05.493 |
https://cve.circl.lu/cve/CVE-2025-53643 |
CVE-2025-8450 |
4.2 |
Fortra |
Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page. |
2025-08-19T18:15:29.540 |
https://cve.circl.lu/cve/CVE-2025-8450 |
CVE-2024-10383 |
5.8 |
GitLab |
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3, and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was possible when loading .ipynb files in the web IDE. |
2025-08-14T19:24:54.723 |
https://cve.circl.lu/cve/CVE-2024-10383 |
CVE-2024-10219 |
3.6 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints. |
2025-08-14T17:53:47.837 |
https://cve.circl.lu/cve/CVE-2024-10219 |
CVE-2024-12303 |
5.5 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role. |
2025-08-15T16:24:44.060 |
https://cve.circl.lu/cve/CVE-2024-12303 |
CVE-2025-1477 |
3.6 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints. |
2025-08-15T16:24:55.567 |
https://cve.circl.lu/cve/CVE-2025-1477 |
CVE-2025-2498 |
1.4 |
GitLab |
An improper access control issue in GitLab EE, affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2, under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. |
2025-08-15T16:25:17.323 |
https://cve.circl.lu/cve/CVE-2025-2498 |
CVE-2025-8879 |
5.9 |
Google |
Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) |
2025-08-14T01:07:06.050 |
https://cve.circl.lu/cve/CVE-2025-8879 |
CVE-2025-8880 |
5.9 |
Google |
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
2025-08-14T01:07:29.130 |
https://cve.circl.lu/cve/CVE-2025-8880 |
CVE-2025-8881 |
3.6 |
Google |
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
2025-08-14T01:07:16.813 |
https://cve.circl.lu/cve/CVE-2025-8881 |
CVE-2025-8882 |
5.9 |
Google |
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
2025-08-14T01:07:41.633 |
https://cve.circl.lu/cve/CVE-2025-8882 |
CVE-2025-8901 |
5.9 |
Google |
Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
2025-08-14T01:07:54.277 |
https://cve.circl.lu/cve/CVE-2025-8901 |
CVE-2025-4123 |
4.7 |
Grafana |
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF. The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive. |
2025-08-15T19:37:01.457 |
https://cve.circl.lu/cve/CVE-2025-4123 |
CVE-2025-22134 |
3.4 |
GitHub |
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003. |
2025-08-14T17:43:55.730 |
https://cve.circl.lu/cve/CVE-2025-22134 |
CVE-2025-53773 |
5.9 |
GitHub |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
2025-08-15T17:01:01.673 |
https://cve.circl.lu/cve/CVE-2025-53773 |
CVE-2025-8963 |
3.4 |
GitHub |
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". |
2025-08-15T13:13:07.817 |
https://cve.circl.lu/cve/CVE-2025-8963 |
CVE-2025-55192 |
N/A |
GitHub |
HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impacts the GitHub Actions environment for this repository. The vulnerable workflow directly inserted user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper sanitization. A malicious GitHub user could craft an issue body that executes arbitrary commands on the GitHub Actions runner in a privileged context whenever an issue is opened. The potential impact is limited to the repository’s CI/CD environment, which could allow access to repository contents or GitHub Actions secrets. This issue has been patched via commit 2a3b80f. Workarounds involve disabling the affected workflow (issues.yml), replacing the unsafe Bash comparison with a safe quoted grep (or a pure GitHub Actions expression check), or ensuring minimal permissions in workflows (permissions: block) to reduce possible impact. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-55192 |
CVE-2025-55306 |
5.9 |
GitHub |
GenX_FX is an advanced AI trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.). |
2025-08-19T19:15:37.067 |
https://cve.circl.lu/cve/CVE-2025-55306 |
CVE-2024-51470 |
3.6 |
HPE |
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. |
2025-08-15T18:30:37.550 |
https://cve.circl.lu/cve/CVE-2024-51470 |
CVE-2025-8959 |
3.6 |
HashiCorp |
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-8959 |
CVE-2025-48807 |
6.0 |
Hyper-V |
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. |
2025-08-15T17:48:00.927 |
https://cve.circl.lu/cve/CVE-2025-48807 |
CVE-2025-49751 |
4.0 |
Hyper-V |
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. |
2025-08-15T17:49:15.250 |
https://cve.circl.lu/cve/CVE-2025-49751 |
CVE-2025-50167 |
5.9 |
Hyper-V |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
2025-08-14T17:35:35.400 |
https://cve.circl.lu/cve/CVE-2025-50167 |
CVE-2025-53155 |
5.9 |
Hyper-V |
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
2025-08-18T16:36:40.853 |
https://cve.circl.lu/cve/CVE-2025-53155 |
CVE-2025-53723 |
5.9 |
Hyper-V |
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
2025-08-15T17:49:41.880 |
https://cve.circl.lu/cve/CVE-2025-53723 |
CVE-2023-47716 |
3.4 |
IBM |
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656. |
2025-08-15T20:06:50.330 |
https://cve.circl.lu/cve/CVE-2023-47716 |
CVE-2023-43043 |
3.6 |
IBM |
IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: 266875. |
2025-08-15T20:02:06.897 |
https://cve.circl.lu/cve/CVE-2023-43043 |
CVE-2024-28782 |
4.0 |
IBM |
IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. |
2025-08-14T18:52:19.970 |
https://cve.circl.lu/cve/CVE-2024-28782 |
CVE-2024-28787 |
5.8 |
IBM |
IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584. |
2025-08-14T18:54:13.063 |
https://cve.circl.lu/cve/CVE-2024-28787 |
CVE-2024-31887 |
3.6 |
IBM |
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. |
2025-08-13T13:33:15.737 |
https://cve.circl.lu/cve/CVE-2024-31887 |
CVE-2023-50197 |
5.9 |
Intel |
Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to write a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21845. |
2025-08-14T15:59:05.243 |
https://cve.circl.lu/cve/CVE-2023-50197 |
CVE-2023-38007 |
2.7 |
Intel |
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
2025-08-14T01:12:31.570 |
https://cve.circl.lu/cve/CVE-2023-38007 |
CVE-2024-33607 |
4.0 |
Intel |
Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2024-33607 |
CVE-2025-20017 |
5.9 |
Intel |
Uncontrolled search path for some Intel(R) oneAPI Toolkit and component software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-20017 |
CVE-2025-20023 |
5.9 |
Intel |
Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-20023 |
CVE-2023-20868 |
2.7 |
Java |
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. |
2025-08-13T12:52:10.387 |
https://cve.circl.lu/cve/CVE-2023-20868 |
CVE-2023-33202 |
3.6 |
Java |
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) |
2025-08-18T17:15:27.680 |
https://cve.circl.lu/cve/CVE-2023-33202 |
CVE-2023-47731 |
2.7 |
Java |
IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. |
2025-08-13T13:31:42.767 |
https://cve.circl.lu/cve/CVE-2023-47731 |
CVE-2023-38264 |
3.6 |
Java |
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. |
2025-08-14T19:34:02.877 |
https://cve.circl.lu/cve/CVE-2023-38264 |
CVE-2024-9453 |
3.6 |
Jenkins |
A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. |
2025-08-18T19:02:46.957 |
https://cve.circl.lu/cve/CVE-2024-9453 |
CVE-2021-20087 |
5.9 |
JQuery |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype. |
2025-08-14T21:15:26.997 |
https://cve.circl.lu/cve/CVE-2021-20087 |
CVE-2025-7066 |
2.7 |
Jira |
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing browser preview only for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and another MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would take precedence, allowing a possible attacker to perform a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma. |
2025-08-14T14:00:20.763 |
https://cve.circl.lu/cve/CVE-2025-7066 |
CVE-2024-42346 |
4.7 |
JavaScript |
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
2025-08-15T14:19:48.833 |
https://cve.circl.lu/cve/CVE-2024-42346 |
CVE-2024-47117 |
2.7 |
JavaScript |
IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
2025-08-15T18:33:06.627 |
https://cve.circl.lu/cve/CVE-2024-47117 |
CVE-2024-49785 |
2.7 |
JavaScript |
IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
2025-08-19T12:38:57.937 |
https://cve.circl.lu/cve/CVE-2024-49785 |
CVE-2023-42005 |
5.9 |
Kubernetes |
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with access to the Kubernetes pod, to make system calls compromising the security of containers. IBM X-Force ID: 265264. |
2025-08-18T15:03:51.540 |
https://cve.circl.lu/cve/CVE-2023-42005 |
CVE-2024-39690 |
6.0 |
Kubernetes |
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch. |
2025-08-14T14:15:30.037 |
https://cve.circl.lu/cve/CVE-2024-39690 |
CVE-2025-24313 |
3.6 |
Kubernetes |
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-24313 |
CVE-2025-55196 |
N/A |
Kubernetes |
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List() calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a namespace selector. This flaw allowed an attacker to use label selectors to list and read secrets/secret-stores across the cluster, bypassing intended namespace restrictions. An attacker with the ability to create or update PushSecret resources and control SecretStore configurations could exploit this vulnerability to exfiltrate sensitive data from arbitrary namespaces. This could lead to full disclosure of Kubernetes secrets, including credentials, tokens, and other sensitive information stored in the cluster. This vulnerability has been patched in version 0.19.2. A workaround for this issue includes auditing and restricting RBAC permissions so that only trusted service accounts can create or update PushSecret and SecretStore resources. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-55196 |
CVE-2025-55198 |
3.6 |
Kubernetes |
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-55198 |
CVE-2025-6230 |
3.4 |
Lenovo |
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. |
2025-08-19T16:32:52.043 |
https://cve.circl.lu/cve/CVE-2025-6230 |
CVE-2025-4371 |
5.9 |
Lenovo |
A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-4371 |
CVE-2025-8098 |
5.9 |
Lenovo |
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-8098 |
CVE-2024-21803 |
1.4 |
Linux |
Use After Free vulnerability in the Linux kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. |
2025-08-15T20:31:42.717 |
https://cve.circl.lu/cve/CVE-2024-21803 |
CVE-2023-44451 |
5.9 |
Linux |
Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897. |
2025-08-14T16:07:47.183 |
https://cve.circl.lu/cve/CVE-2023-44451 |
CVE-2023-44452 |
5.9 |
Linux |
Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132. |
2025-08-14T16:03:33.630 |
https://cve.circl.lu/cve/CVE-2023-44452 |
CVE-2021-34981 |
5.9 |
Linux |
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. |
2025-08-14T01:42:25.163 |
https://cve.circl.lu/cve/CVE-2021-34981 |
CVE-2024-42472 |
5.8 |
Linux |
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission. |
2025-08-19T15:21:28.073 |
https://cve.circl.lu/cve/CVE-2024-42472 |
CVE-2023-3181 |
5.9 |
MSI |
The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp\~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp\~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer's Windows Installer. Since the C:\Windows\Temp\~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. |
2025-08-14T14:52:30.797 |
https://cve.circl.lu/cve/CVE-2023-3181 |
CVE-2025-7973 |
N/A |
MSI |
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-7973 |
CVE-2021-35395 |
5.9 |
Management |
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter. Exploitability of the identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some removed some of them, some inserted their own set of features. However, given that the Realtek SDK implementation is full of insecure calls and that developers tend to re-use those examples in their custom code, any binary based on the Realtek SDK webserver will probably contain its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device. |
2025-08-13T15:22:20.213 |
https://cve.circl.lu/cve/CVE-2021-35395 |
CVE-2022-21661 |
6.0 |
Management |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases, going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. |
2025-08-19T16:35:50.347 |
https://cve.circl.lu/cve/CVE-2022-21661 |
CVE-2024-41799 |
6.0 |
Management |
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. This problem is fixed in versions 6.8.0 and above. |
2025-08-19T14:35:40.017 |
https://cve.circl.lu/cve/CVE-2024-41799 |
CVE-2024-9500 |
5.9 |
Management |
A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. |
2025-08-18T21:15:29.927 |
https://cve.circl.lu/cve/CVE-2024-9500 |
CVE-2025-20051 |
6.0 |
Mattermost |
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards. |
2025-08-18T18:22:38.053 |
https://cve.circl.lu/cve/CVE-2025-20051 |
CVE-2025-53762 |
5.8 |
Microsoft |
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. |
2025-08-14T17:26:42.273 |
https://cve.circl.lu/cve/CVE-2025-53762 |
CVE-2025-53771 |
2.5 |
Microsoft |
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
2025-08-14T17:29:05.870 |
https://cve.circl.lu/cve/CVE-2025-53771 |
CVE-2025-53774 |
2.5 |
Microsoft |
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
2025-08-14T17:33:18.397 |
https://cve.circl.lu/cve/CVE-2025-53774 |
CVE-2025-53787 |
4.2 |
Microsoft |
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
2025-08-14T17:33:52.807 |
https://cve.circl.lu/cve/CVE-2025-53787 |
CVE-2024-54141 |
4.7 |
MySQL |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e., PostgreSQL) server's credentials when the connection to the DB fails. This vulnerability is fixed in 4.0.0. |
2025-08-15T18:44:17.560 |
https://cve.circl.lu/cve/CVE-2024-54141 |
CVE-2025-8714 |
5.9 |
MySQL |
Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. |
2025-08-15T13:13:07.817 |
https://cve.circl.lu/cve/CVE-2025-8714 |
CVE-2025-51539 |
1.4 |
MySQL |
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem. The script lacks both authentication checks and secure path handling, allowing directory traversal attacks (e.g., ../../../) to access sensitive files such as configuration files, database dumps, source code, and password reset tokens. If phpMyAdmin is exposed, extracted credentials can be used for direct administrative access. In environments without such tools, attacker-controlled file reads still allow full database extraction by targeting raw MySQL data files. The vendor states that the issue is fixed in 3.5.72.27183. |
2025-08-19T20:15:33.570 |
https://cve.circl.lu/cve/CVE-2025-51539 |
CVE-2025-48500 |
5.9 |
MacOS |
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-48500 |
CVE-2025-7961 |
N/A |
MacOS |
Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass. This issue affects KAP: 3.6.0. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-7961 |
CVE-2024-6260 |
5.9 |
Malware |
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321. |
2025-08-15T17:19:11.633 |
https://cve.circl.lu/cve/CVE-2024-6260 |
CVE-2023-43694 |
4.7 |
Malware |
An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2023-43694 |
CVE-2023-43683 |
2.5 |
Malware |
An issue was discovered in Malwarebytes 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). A Stack buffer out-of-bounds access exists because of an integer underflow when handling newline characters. |
2025-08-15T17:15:30.053 |
https://cve.circl.lu/cve/CVE-2023-43683 |
CVE-2023-43692 |
3.6 |
Malware |
An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). Out-of-bound reads in strings detection utilities lead to system crashes. |
2025-08-15T17:15:31.283 |
https://cve.circl.lu/cve/CVE-2023-43692 |
CVE-2023-43687 |
2.5 |
Malware |
An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution. |
2025-08-15T17:15:31.127 |
https://cve.circl.lu/cve/CVE-2023-43687 |
CVE-2024-52586 |
2.5 |
MFA |
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that is performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix. |
2025-08-15T18:43:27.377 |
https://cve.circl.lu/cve/CVE-2024-52586 |
CVE-2025-6015 |
3.6 |
MFA |
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. |
2025-08-13T18:09:08.700 |
https://cve.circl.lu/cve/CVE-2025-6015 |
CVE-2025-3639 |
N/A |
MFA |
Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-3639 |
CVE-2025-23266 |
6.0 |
NVIDIA |
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. |
2025-08-16T22:15:25.613 |
https://cve.circl.lu/cve/CVE-2025-23266 |
CVE-2025-23294 |
5.9 |
NVIDIA |
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. |
2025-08-14T13:12:09.870 |
https://cve.circl.lu/cve/CVE-2025-23294 |
CVE-2025-23295 |
5.9 |
NVIDIA |
NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
2025-08-14T13:12:09.870 |
https://cve.circl.lu/cve/CVE-2025-23295 |
CVE-2025-23296 |
5.9 |
NVIDIA |
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
2025-08-14T13:12:09.870 |
https://cve.circl.lu/cve/CVE-2025-23296 |
CVE-2025-23298 |
5.9 |
NVIDIA |
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
2025-08-14T13:12:09.870 |
https://cve.circl.lu/cve/CVE-2025-23298 |
CVE-2021-34947 |
5.9 |
Netgear |
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13055. |
2025-08-14T01:42:44.800 |
https://cve.circl.lu/cve/CVE-2021-34947 |
CVE-2021-34982 |
5.9 |
Netgear |
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13709. |
2025-08-14T01:41:19.343 |
https://cve.circl.lu/cve/CVE-2021-34982 |
CVE-2021-34983 |
3.6 |
Netgear |
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708. |
2025-08-14T01:40:56.983 |
https://cve.circl.lu/cve/CVE-2021-34983 |
CVE-2024-37886 |
2.7 |
Nextcloud |
user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0. |
2025-08-14T19:03:04.897 |
https://cve.circl.lu/cve/CVE-2024-37886 |
CVE-2024-52512 |
1.4 |
Nextcloud |
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0. |
2025-08-15T13:53:22.120 |
https://cve.circl.lu/cve/CVE-2024-52512 |
CVE-2025-53859 |
1.4 |
Nginx |
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-53859 |
CVE-2025-50579 |
1.4 |
Nginx |
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application. |
2025-08-19T20:15:31.873 |
https://cve.circl.lu/cve/CVE-2025-50579 |
CVE-2025-23084 |
3.6 |
Node.js |
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of the `path.join` API. |
2025-08-19T18:45:18.727 |
https://cve.circl.lu/cve/CVE-2025-23084 |
CVE-2025-55195 |
3.4 |
Node.js |
@std/toml is the Deno Standard Library. Prior to version 1.0.9, an attacker can pollute the prototype chain in the Node.js runtime and in browsers when parsing untrusted TOML data, thus achieving a Prototype Pollution (PP) vulnerability. This is because the library merges an untrusted object into an empty object, and an empty object by default carries the prototype chain. This issue has been patched in version 1.0.9. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-55195 |
CVE-2018-13440 |
3.6 |
NULL Pointer |
The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert. |
2025-08-13T20:48:07.470 |
https://cve.circl.lu/cve/CVE-2018-13440 |
CVE-2019-13147 |
3.6 |
NULL Pointer |
In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. |
2025-08-13T20:48:07.470 |
https://cve.circl.lu/cve/CVE-2019-13147 |
CVE-2021-34586 |
3.6 |
NULL Pointer |
In the CODESYS V2 web server prior to V1.1.9.22 crafted web server requests may cause a Null pointer dereference in the CODESYS web server and may result in a denial-of-service condition. |
2025-08-15T20:26:04.430 |
https://cve.circl.lu/cve/CVE-2021-34586 |
CVE-2025-32990 |
2.5 |
NULL Pointer |
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. |
2025-08-15T19:32:53.387 |
https://cve.circl.lu/cve/CVE-2025-32990 |
CVE-2025-6238 |
5.9 |
OAuth |
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due to an insecure OAuth implementation, as the 'redirect_uri' parameter is missing validation during the authorization flow. This makes it possible for unauthenticated attackers to intercept the authorization code and obtain an access token by redirecting the user to an attacker-controlled URI. Note: in the patched version 2.8.5, OAuth is disabled and the 'Meow_MWAI_Labs_OAuth' class is not loaded in the plugin. |
2025-08-13T19:34:26.383 |
https://cve.circl.lu/cve/CVE-2025-6238 |
CVE-2025-54074 |
N/A |
OAuth |
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can set up a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting to it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-54074 |
CVE-2025-54382 |
6.0 |
OAuth |
Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server's implicit trust in the OAuth auth redirection endpoints and failure to properly sanitize the URL. This issue has been patched in version 1.5.2. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-54382 |
CVE-2022-1292 |
5.9 |
OpenSSL |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). |
2025-08-13T14:15:28.717 |
https://cve.circl.lu/cve/CVE-2022-1292 |
CVE-2025-2768 |
5.9 |
OpenSSL |
Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25041. |
2025-08-14T14:39:08.910 |
https://cve.circl.lu/cve/CVE-2025-2768 |
CVE-2025-2769 |
5.9 |
OpenSSL |
Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25295. |
2025-08-14T14:33:23.297 |
https://cve.circl.lu/cve/CVE-2025-2769 |
CVE-2025-5480 |
5.9 |
OpenSSL |
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767. |
2025-08-18T15:59:15.010 |
https://cve.circl.lu/cve/CVE-2025-5480 |
CVE-2025-38506 |
N/A |
Oracle |
In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes. When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+), the host can experience CPU soft lockups when running an operation in kvm_vm_set_mem_attributes() to set memory attributes on the whole range of guest memory: "watchdog: BUG: soft lockup - CPU#8 stuck for 26s! [qemu-kvm:6372]". While looping through the range of memory setting the attributes, call cond_resched() to give the scheduler a chance to run a higher priority task on the runqueue if necessary and avoid staying in kernel mode long enough to trigger the lockup. |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-38506 |
CVE-2023-50234 |
5.9 |
Office |
Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XLS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20386. |
2025-08-15T20:45:54.927 |
https://cve.circl.lu/cve/CVE-2023-50234 |
CVE-2023-50235 |
5.9 |
Office |
Hancom Office Show PPT File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20387. |
2025-08-14T15:32:48.027 |
https://cve.circl.lu/cve/CVE-2023-50235 |
CVE-2023-51598 |
5.9 |
Office |
Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384. |
2025-08-14T01:44:33.740 |
https://cve.circl.lu/cve/CVE-2023-51598 |
CVE-2025-49712 |
5.9 |
Office |
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
2025-08-15T17:48:21.737 |
https://cve.circl.lu/cve/CVE-2025-49712 |
CVE-2025-24523 |
1.4 |
Orchestrator |
Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-24523 |
CVE-2025-24840 |
3.7 |
Orchestrator |
Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-24840 |
CVE-2025-24921 |
4.0 |
Orchestrator |
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-24921 |
CVE-2025-26472 |
3.6 |
Orchestrator |
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-26472 |
CVE-2025-27250 |
1.4 |
Orchestrator |
Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-27250 |
CVE-2024-0844 |
3.4 |
PHP |
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. |
2025-08-15T20:34:26.460 |
https://cve.circl.lu/cve/CVE-2024-0844 |
CVE-2024-8925 |
1.4 |
PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could allow a malicious attacker who controls part of the submitted data to exclude a portion of the other data, potentially leading to erroneous application behavior. |
2025-08-19T16:25:49.630 |
https://cve.circl.lu/cve/CVE-2024-8925 |
CVE-2024-8926 |
5.9 |
PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. |
2025-08-19T16:26:02.750 |
https://cve.circl.lu/cve/CVE-2024-8926 |
CVE-2024-8927 |
3.6 |
PHP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, the HTTP_REDIRECT_STATUS variable is used to check whether or not the CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to the cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. |
2025-08-19T16:26:31.773 |
https://cve.circl.lu/cve/CVE-2024-8927 |
CVE-2025-2180 |
N/A |
Palo Alto |
An unsafe deserialization vulnerability in Palo Alto Networks Checkov by Prisma® Cloud allows an authenticated user to execute arbitrary code as a non-administrative user by scanning a malicious terraform file when using Checkov in Prisma® Cloud. This issue impacts Checkov 3.0 versions earlier than Checkov 3.2.415. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-2180 |
CVE-2025-2181 |
N/A |
Palo Alto |
A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-2181 |
CVE-2025-2182 |
N/A |
Palo Alto |
A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in an NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-2182 |
CVE-2025-2183 |
N/A |
Palo Alto |
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-2183 |
CVE-2025-2184 |
N/A |
Palo Alto |
A credential management flaw in Palo Alto Networks Cortex XDR® Broker VM causes different Broker VM images to share identical default credentials for internal services. Users knowing these default credentials could access internal services on other Broker VM installations. The attacker must have network access to the Broker VM to exploit this issue. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-2184 |
CVE-2025-53761 |
5.9 |
Powerpoint |
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
2025-08-15T16:51:28.797 |
https://cve.circl.lu/cve/CVE-2025-53761 |
CVE-2024-42367 |
2.5 |
Python |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants are symbolic links. The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing the `Path.stat()` and `Path.open()` to send the file. Version 3.10.2 contains a patch for the issue. |
2025-08-19T15:12:45.730 |
https://cve.circl.lu/cve/CVE-2024-42367 |
CVE-2024-52303 |
3.6 |
Python |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch. |
2025-08-15T13:39:10.670 |
https://cve.circl.lu/cve/CVE-2024-52303 |
CVE-2025-2000 |
5.9 |
Python |
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A Python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload. |
2025-08-18T18:19:55.490 |
https://cve.circl.lu/cve/CVE-2025-2000 |
CVE-2025-46725 |
5.9 |
Python |
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may be able to make the agent run malicious commands through `QueryPlan.dataframe_calc`, compromising the host system. Langroid 0.53.15 sanitizes input to the affected function by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation. |
2025-08-13T16:37:02.567 |
https://cve.circl.lu/cve/CVE-2025-46725 |
CVE-2024-56199 |
4.2 |
Phishing |
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability. |
2025-08-14T17:54:26.950 |
https://cve.circl.lu/cve/CVE-2024-56199 |
CVE-2025-2824 |
4.0 |
Phishing |
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
2025-08-14T18:49:21.380 |
https://cve.circl.lu/cve/CVE-2025-2824 |
CVE-2025-50340 |
1.4 |
Phishing |
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail through 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system. NOTE: this is disputed by the Supplier because the only effective way to prevent this sender spoofing is on the SMTP server, not within a client such as SOGo. |
2025-08-15T19:15:34.013 |
https://cve.circl.lu/cve/CVE-2025-50340 |
CVE-2025-8910 |
2.7 |
Phishing |
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-8910 |
CVE-2025-37925 |
3.6 |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type. Syzbot has reported the following BUG: "kernel BUG at fs/inode.c:668!" (invalid opcode in clear_inode() on the jfsCommit kernel thread). This happens when 'clear_inode()' makes an attempt to finalize an underlying JFS inode of unknown type. According to the JFS layout description from https://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to 15 are reserved for future extensions and should not be encountered on a valid filesystem. So add an extra check for valid inode type in 'copy_from_dinode()'. |
2025-08-15T16:15:29.140 |
https://cve.circl.lu/cve/CVE-2025-37925 |
CVE-2025-38500 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface. The collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate(), which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus erroneously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv, which is available earlier in the function, to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] <TASK> [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] </TASK> |
2025-08-15T16:15:29.433 |
https://cve.circl.lu/cve/CVE-2025-38500 |
CVE-2025-38517 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users(). alloc_tag_top_users() attempts to lock alloc_tag_cttype->mod_lock even when the alloc_tag_cttype is not allocated because: 1) alloc tagging is disabled because mem profiling is disabled (!alloc_tag_cttype) 2) alloc tagging is enabled, but not yet initialized (!alloc_tag_cttype) 3) alloc tagging is enabled, but failed initialization (!alloc_tag_cttype or IS_ERR(alloc_tag_cttype)) In all cases, alloc_tag_cttype is not allocated, and therefore alloc_tag_top_users() should not attempt to acquire the semaphore. This leads to a crash on memory allocation failure by attempting to acquire a non-existent semaphore: Oops: general protection fault, probably for non-canonical address 0xdffffc000000001b: 0000 [#3] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000000d8-0x00000000000000df] CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G D 6.16.0-rc2 #1 VOLUNTARY Tainted: [D]=DIE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:down_read_trylock+0xaa/0x3b0 Code: d0 7c 08 84 d2 0f 85 a0 02 00 00 8b 0d df 31 dd 04 85 c9 75 29 48 b8 00 00 00 00 00 fc ff df 48 8d 6b 68 48 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 88 02 00 00 48 3b 5b 68 0f 85 53 01 00 00 65 ff RSP: 0000:ffff8881002ce9b8 EFLAGS: 00010016 RAX: dffffc0000000000 RBX: 0000000000000070 RCX: 0000000000000000 RDX: 000000000000001b RSI: 000000000000000a RDI: 0000000000000070 RBP: 00000000000000d8 R08: 0000000000000001 R09: ffffed107dde49d1 R10: ffff8883eef24e8b R11: ffff8881002cec20 R12: 1ffff11020059d37 R13: 00000000003fff7b R14: ffff8881002cec20 R15: dffffc0000000000 FS: 00007f963f21d940(0000) GS:ffff888458ca6000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f963f5edf71 CR3: 000000010672c000 CR4: 0000000000350ef0 Call Trace: <TASK> codetag_trylock_module_list+0xd/0x20 alloc_tag_top_users+0x369/0x4b0 __show_mem+0x1cd/0x6e0 warn_alloc+0x2b1/0x390 __alloc_frozen_pages_noprof+0x12b9/0x21a0 alloc_pages_mpol+0x135/0x3e0 alloc_slab_page+0x82/0xe0 new_slab+0x212/0x240 ___slab_alloc+0x82a/0xe00 </TASK> As David Wang points out, this issue became easier to trigger after commit 780138b12381 ("alloc_tag: check mem_profiling_support in alloc_tag_init"). Before the commit, the issue occurred only when it failed to allocate and initialize alloc_tag_cttype or if a memory allocation fails before alloc_tag_init() is called. After the commit, it can be easily triggered when memory profiling is compiled but disabled at boot. To properly determine whether alloc_tag_init() has been called and its data structures initialized, verify that alloc_tag_cttype is a valid pointer before acquiring the semaphore. If the variable is NULL or an error value, it has not been properly initialized. In such a case, just skip and do not attempt to acquire the semaphore. [harry.yoo@oracle.com: v3] |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-38517 |
CVE-2025-5777 |
3.6 |
RDP |
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
2025-08-14T14:52:35.357 |
https://cve.circl.lu/cve/CVE-2025-5777 |
CVE-2025-25248 |
3.6 |
RDP |
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests. |
2025-08-14T01:21:03.040 |
https://cve.circl.lu/cve/CVE-2025-25248 |
CVE-2025-5417 |
5.2 |
Red Hat |
An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container image and modify the image's content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts. |
2025-08-19T16:15:29.083 |
https://cve.circl.lu/cve/CVE-2025-5417 |
CVE-2025-54785 |
5.9 |
Ransomware |
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in versions 7.14.7 and 8.8.1. |
2025-08-13T18:12:57.417 |
https://cve.circl.lu/cve/CVE-2025-54785 |
CVE-2025-50171 |
5.2 |
Remote Desktop |
Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. |
2025-08-14T17:06:56.290 |
https://cve.circl.lu/cve/CVE-2025-50171 |
CVE-2025-53722 |
3.6 |
Remote Desktop |
Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. |
2025-08-18T16:57:34.573 |
https://cve.circl.lu/cve/CVE-2025-53722 |
CVE-2024-6971 |
3.6 |
Repository |
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim's computer, potentially installing multiple packages and causing a crash. |
2025-08-15T20:38:03.347 |
https://cve.circl.lu/cve/CVE-2024-6971 |
CVE-2021-27921 |
3.6 |
Repo |
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. |
2025-08-15T05:15:28.557 |
https://cve.circl.lu/cve/CVE-2021-27921 |
CVE-2021-27922 |
3.6 |
Repo |
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. |
2025-08-15T05:15:29.710 |
https://cve.circl.lu/cve/CVE-2021-27922 |
CVE-2021-27923 |
3.6 |
Repo |
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. |
2025-08-15T05:15:29.843 |
https://cve.circl.lu/cve/CVE-2021-27923 |
CVE-2024-9026 |
1.4 |
SAP |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. |
2025-08-19T16:26:19.737 |
https://cve.circl.lu/cve/CVE-2024-9026 |
CVE-2023-51637 |
5.9 |
SQL |
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the DICOM service, which listens on TCP port 11122 by default. When parsing the NAME element of the PATIENT record, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21579. |
2025-08-14T19:28:44.907 |
https://cve.circl.lu/cve/CVE-2023-51637 |
CVE-2025-3277 |
5.9 |
SQL |
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size, and thus a wild heap buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. |
2025-08-18T21:28:16.380 |
https://cve.circl.lu/cve/CVE-2025-3277 |
CVE-2025-27495 |
5.9 |
SQL |
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'CreateTrace' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed. (ZDI-CAN-25911) |
2025-08-19T14:49:42.453 |
https://cve.circl.lu/cve/CVE-2025-27495 |
CVE-2025-44964 |
3.4 |
SSL |
A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-in-the-middle attack and obtain sensitive information. |
2025-08-14T16:08:50.163 |
https://cve.circl.lu/cve/CVE-2025-44964 |
CVE-2025-52585 |
3.6 |
SSL |
When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-52585 |
CVE-2025-20127 |
4.0 |
SSL |
A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition. Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-20127 |
CVE-2025-20133 |
4.0 |
SSL |
A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS condition. This vulnerability is due to ineffective validation of user-supplied input during the Remote Access SSL VPN authentication process. An attacker could exploit this vulnerability by sending a crafted request to the VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition where the device stops responding to Remote Access SSL VPN authentication requests. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-20133 |
CVE-2025-53760 |
4.2 |
SharePoint |
Server-side request forgery (SSRF) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
2025-08-15T16:51:11.303 |
https://cve.circl.lu/cve/CVE-2025-53760 |
CVE-2025-0620 |
5.9 |
Samba |
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. |
2025-08-13T15:12:08.490 |
https://cve.circl.lu/cve/CVE-2025-0620 |
CVE-2024-43410 |
3.6 |
SSH |
Russh is a Rust SSH client & server library. Allocating an untrusted amount of memory allows any unauthenticated user to OOM a russh server. An SSH packet consists of a 4-byte big-endian length, followed by a byte stream of this length. After parsing and potentially decrypting the 4-byte length, russh allocates enough memory for this bytestream, as a performance optimization to avoid reallocations later. But this length is entirely untrusted and can be set to any value by the client, causing this much memory to be allocated, which will cause the process to OOM within a few such requests. This vulnerability is fixed in 0.44.1. |
2025-08-13T18:32:43.660 |
https://cve.circl.lu/cve/CVE-2024-43410 |
CVE-2025-54804 |
3.6 |
SSH |
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in an integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1. |
2025-08-13T18:32:38.050 |
https://cve.circl.lu/cve/CVE-2025-54804 |
CVE-2025-8731 |
5.9 |
SSH |
A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purposes and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires the user to set the password for the management GUI. Once that is done, the default password will be invalid." |
2025-08-13T09:15:29.513 |
https://cve.circl.lu/cve/CVE-2025-8731 |
CVE-2025-43982 |
5.9 |
SSH |
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. |
2025-08-14T14:15:30.987 |
https://cve.circl.lu/cve/CVE-2025-43982 |
CVE-2023-30308 |
3.6 |
SES |
An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of service. |
2025-08-13T14:06:58.097 |
https://cve.circl.lu/cve/CVE-2023-30308 |
CVE-2025-6037 |
5.9 |
TLS |
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate). In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23. |
2025-08-13T18:09:00.140 |
https://cve.circl.lu/cve/CVE-2025-6037 |
CVE-2025-0309 |
N/A |
TLS |
An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges. |
2025-08-15T13:15:30.470 |
https://cve.circl.lu/cve/CVE-2025-0309 |
CVE-2025-33142 |
3.6 |
TLS |
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. |
2025-08-18T18:05:01.200 |
https://cve.circl.lu/cve/CVE-2025-33142 |
CVE-2025-8810 |
5.9 |
Tenda |
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
2025-08-14T16:29:26.347 |
https://cve.circl.lu/cve/CVE-2025-8810 |
CVE-2025-8939 |
5.9 |
Tenda |
A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
2025-08-19T18:35:22.420 |
https://cve.circl.lu/cve/CVE-2025-8939 |
CVE-2025-8940 |
5.9 |
Tenda |
A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
2025-08-19T18:42:24.900 |
https://cve.circl.lu/cve/CVE-2025-8940 |
CVE-2025-8958 |
5.9 |
Tenda |
A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
2025-08-14T13:11:53.633 |
https://cve.circl.lu/cve/CVE-2025-8958 |
CVE-2025-8979 |
5.9 |
Tenda |
A vulnerability was identified in Tenda AC15 15.13.07.13. Affected by this vulnerability is the function check_fw_type/split_fireware/check_fw of the component Firmware Update Handler. The manipulation leads to insufficient verification of data authenticity. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. |
2025-08-18T15:03:49.693 |
https://cve.circl.lu/cve/CVE-2025-8979 |
CVE-2025-7342 |
5.9 |
VMware |
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project and the vulnerability was exploited during the build process, which requires an attacker to access the build VM and modify the image while the build is in progress. |
2025-08-20T01:15:31.027 |
https://cve.circl.lu/cve/CVE-2025-7342 |
CVE-2025-20222 |
4.0 |
VPN |
A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of IPv6 packets. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device. A successful exploit could allow the attacker to trigger a reload of the device, resulting in a DoS condition. |
2025-08-15T13:12:51.217 |
https://cve.circl.lu/cve/CVE-2025-20222 |
CVE-2024-43790 |
3.4 |
Vim |
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte), and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previous (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689. |
2025-08-18T17:08:16.193 |
https://cve.circl.lu/cve/CVE-2024-43790 |
CVE-2024-47814 |
2.5 |
Vim |
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window), a BufWinLeave auto command can cause a use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However, this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
2025-08-18T17:08:13.370 |
https://cve.circl.lu/cve/CVE-2024-47814 |
CVE-2025-24014 |
3.4 |
Vim |
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a GUI version of Vim by feeding some binary characters to Vim. The function that handles the scrolling, however, may trigger a redraw, which will access the ScreenLines pointer, even though this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. |
2025-08-14T01:40:54.367 |
https://cve.circl.lu/cve/CVE-2025-24014 |
CVE-2025-1215 |
1.4 |
Vim |
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component. |
2025-08-13T17:28:19.607 |
https://cve.circl.lu/cve/CVE-2025-1215 |
CVE-2025-49707 |
5.8 |
Virtual Machine |
Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. |
2025-08-13T17:34:12.350 |
https://cve.circl.lu/cve/CVE-2025-49707 |
CVE-2025-53781 |
4.0 |
Virtual Machine |
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. |
2025-08-13T17:33:46.673 |
https://cve.circl.lu/cve/CVE-2025-53781 |
CVE-2025-50161 |
5.9 |
Win32k |
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
2025-08-14T17:13:31.473 |
https://cve.circl.lu/cve/CVE-2025-50161 |
CVE-2025-50168 |
5.9 |
Win32k |
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
2025-08-19T14:20:55.890 |
https://cve.circl.lu/cve/CVE-2025-50168 |
CVE-2025-53132 |
5.9 |
Win32k |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network. |
2025-08-19T14:37:12.377 |
https://cve.circl.lu/cve/CVE-2025-53132 |
CVE-2022-29376 |
5.9 |
Windows |
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. |
2025-08-15T15:15:28.877 |
https://cve.circl.lu/cve/CVE-2022-29376 |
CVE-2024-45077 |
3.6 |
Windows |
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload, which allows an authenticated, low-privileged user to upload restricted file types with the simple method of adding a dot to the end of the file name if Maximo is installed on a Windows operating system. |
2025-08-14T15:18:56.307 |
https://cve.circl.lu/cve/CVE-2024-45077 |
CVE-2024-1242 |
2.7 |
WordPress |
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2025-08-15T20:33:58.973 |
https://cve.circl.lu/cve/CVE-2024-1242 |
CVE-2024-1504 |
1.4 |
WordPress |
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupress_blackhole_ban_ip() function. This makes it possible for unauthenticated attackers to block a user's IP via a forged request granted they can trick the user into performing an action such as clicking on a link. |
2025-08-15T19:54:37.330 |
https://cve.circl.lu/cve/CVE-2024-1504 |
CVE-2023-44439 |
5.9 |
Xen |
Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21679. |
2025-08-18T15:30:09.197 |
https://cve.circl.lu/cve/CVE-2023-44439 |
CVE-2025-41392 |
5.9 |
Xen |
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. |
2025-08-19T13:43:02.347 |
https://cve.circl.lu/cve/CVE-2025-41392 |
CVE-2025-53705 |
5.9 |
Xen |
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. |
2025-08-19T13:43:02.347 |
https://cve.circl.lu/cve/CVE-2025-53705 |
CVE-2025-46269 |
5.9 |
Xen |
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. |
2025-08-19T13:43:02.347 |
https://cve.circl.lu/cve/CVE-2025-46269 |
CVE-2025-52584 |
5.9 |
Xen |
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. |
2025-08-19T13:43:02.347 |
https://cve.circl.lu/cve/CVE-2025-52584 |
CVE-2023-33322 |
3.7 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS. This issue affects Front End Users: from n/a before 3.2.25. |
2025-08-15T19:37:24.407 |
https://cve.circl.lu/cve/CVE-2023-33322 |
CVE-2024-43238 |
3.7 |
XSS |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS. This issue affects weMail: from n/a through 1.14.5. |
2025-08-15T20:40:16.267 |
https://cve.circl.lu/cve/CVE-2024-43238 |
CVE-2024-43958 |
3.7 |
XSS |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS. This issue affects IntoTheDark: from n/a through 1.0.5. |
2025-08-15T20:40:07.707 |
https://cve.circl.lu/cve/CVE-2024-43958 |
CVE-2024-53989 |
2.7 |
XSS |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the "noscript" element. This vulnerability is fixed in 1.6.1. |
2025-08-15T19:41:58.933 |
https://cve.circl.lu/cve/CVE-2024-53989 |
CVE-2024-53985 |
2.7 |
XSS |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both "svg" and "style" elements. This vulnerability is fixed in 1.6.1. |
2025-08-15T19:41:49.843 |
https://cve.circl.lu/cve/CVE-2024-53985 |
CVE-2025-38508 |
N/A |
X86 |
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation. When using Secure TSC, the GUEST_TSC_FREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly (typically ~0.2%) from the actual mean TSC frequency due to clocking parameters. Over extended VM uptime, this discrepancy accumulates, causing clock skew between the hypervisor and a SEV-SNP VM, leading to early timer interrupts as perceived by the guest. The guest kernel relies on the reported nominal frequency for TSC-based timekeeping, while the actual frequency set during SNP_LAUNCH_START may differ. This mismatch results in inaccurate time calculations, causing the guest to perceive hrtimers as firing earlier than expected. Utilize the TSC_FACTOR from the SEV firmware's secrets page (see "Secrets Page Format" in the SNP Firmware ABI Specification) to calculate the mean TSC frequency, ensuring accurate timekeeping and mitigating clock skew in SEV-SNP VMs. Use early_ioremap_encrypted() to map the secrets page as ioremap_encrypted() uses kmalloc() which is not available during early TSC initialization and causes a panic. [ bp: Drop the silly dummy var: https://lore.kernel.org/r/20250630192726.GBaGLlHl84xIopx4Pt@fat_crate.local ] |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-38508 |
CVE-2025-38518 |
N/A |
X86 |
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disable INVLPGB on Zen2. AMD Cyan Skillfish (Family 17h, Model 47h, Stepping 0h) has an issue that causes system oopses and panics when performing TLB flush using INVLPGB. However, the problem is that that machine has misconfigured CPUID and should not report the INVLPGB bit in the first place. So zap the kernel's representation of the flag so that nothing gets confused. [ bp: Massage. ] |
2025-08-18T20:16:28.750 |
https://cve.circl.lu/cve/CVE-2025-38518 |
CVE-2025-38560 |
N/A |
X86 |
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation. An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to touch the first and last byte of each 4K page that is being validated. There is no need to perform the mitigation when performing a page state change to shared and rescinding validation. CPUID bit Fn8000001F_EBX[31] defines the COHERENCY_SFW_NO CPUID bit that, when set, indicates that the software mitigation for this vulnerability is not needed. Implement the mitigation and invoke it when validating memory (making it private) and the COHERENCY_SFW_NO bit is not set, indicating the SNP guest is vulnerable. |
2025-08-19T17:15:32.370 |
https://cve.circl.lu/cve/CVE-2025-38560 |
CVE-2025-38565 |
N/A |
X86 |
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail. When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed reference counter. But nothing undoes this as perf_mmap_close() is never called in this case, which causes another reference count leak. Return early on failure to prevent that. |
2025-08-19T17:15:33.077 |
https://cve.circl.lu/cve/CVE-2025-38565 |
CVE-2025-21756 |
5.9 |
X64 |
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction. Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transport reassignment, which fixes a use-after-free: 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2) 2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved to bound list (refcnt=1) 3. vsock_bind() assumes sk is in unbound list and before __vsock_insert_bound(vsock_bound_sockets()) calls __vsock_remove_bound() which does: list_del_init(&vsk->bound_table); // nop sock_put(&vsk->sk); // refcnt=0. BUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730. refcount_t: addition on 0; use-after-free. refcount_t: underflow; use-after-free. |
2025-08-14T21:15:27.960 |
https://cve.circl.lu/cve/CVE-2025-21756 |
CVE-2025-38559 |
N/A |
X64 |
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access. Usage of the intel_pmt_read() for binary sysfs requires a pcidev. The current use of the endpoint value is only valid for telemetry endpoint usage. Without the ep, the crashlog usage causes the following NULL pointer exception: BUG: kernel NULL pointer dereference, address: 0000000000000000, RIP: 0010:intel_pmt_read+0x3b/0x70 [pmt_class]. Augment struct intel_pmt_entry with a pointer to the pcidev to avoid the NULL pointer exception. |
2025-08-19T17:15:32.233 |
https://cve.circl.lu/cve/CVE-2025-38559 |
CVE-2025-38577 |
N/A |
X64 |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode. As syzbot [1] reported as below: BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62. Read of size 8 at addr ffff88812d962278 by task syz-executor/564. ---truncated--- |
2025-08-19T17:15:34.720 |
https://cve.circl.lu/cve/CVE-2025-38577 |
CVE-2025-38578 |
N/A |
X64 |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta(). syzbot reported an UAF issue as below: [1] [2]. [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000. BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62. Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8. ---truncated--- |
2025-08-19T17:15:34.870 |
https://cve.circl.lu/cve/CVE-2025-38578 |
CVE-2025-38581 |
N/A |
X64 |
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko. When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/unbind; $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/bind; BUG: kernel NULL pointer dereference, address: 0000000000000098. This patch sets ccp_debugfs_dir to NULL after destroying it in ccp5_debugfs_destroy, allowing the directory dentry to be recreated when rebinding the ccp device. Tested on AMD Ryzen 7 1700X. |
2025-08-19T17:15:35.280 |
https://cve.circl.lu/cve/CVE-2025-38581 |
CVE-2024-45419 |
5.2 |
Zoom |
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access. |
2025-08-19T14:22:03.920 |
https://cve.circl.lu/cve/CVE-2024-45419 |
CVE-2024-45420 |
1.4 |
Zoom |
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access. |
2025-08-19T14:10:52.250 |
https://cve.circl.lu/cve/CVE-2024-45420 |
CVE-2024-45422 |
2.5 |
Zoom |
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. |
2025-08-19T14:08:46.097 |
https://cve.circl.lu/cve/CVE-2024-45422 |
CVE-2025-0149 |
2.5 |
Zoom |
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access. |
2025-08-19T17:38:05.023 |
https://cve.circl.lu/cve/CVE-2025-0149 |
CVE-2025-46785 |
3.6 |
Zoom |
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. |
2025-08-19T19:14:44.837 |
https://cve.circl.lu/cve/CVE-2025-46785 |