Total: 27033 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7210 | 1 Debian | 2 Debian Linux, Pdns | 2025-08-06 | N/A | 9.8 CRITICAL |
pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. | |||||
CVE-2014-0468 | 1 Fusionforge | 1 Fusionforge | 2025-08-06 | N/A | 9.8 CRITICAL |
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506. | |||||
CVE-2025-8454 | 1 Debian | 1 Devscripts | 2025-08-06 | N/A | 9.8 CRITICAL |
It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | |||||
CVE-2015-0843 | 1 Debian | 1 Yubiserver | 2025-08-06 | N/A | 9.8 CRITICAL |
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | |||||
CVE-2015-0842 | 1 Debian | 1 Yubiserver | 2025-08-06 | N/A | 9.8 CRITICAL |
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | |||||
CVE-2024-5296 | 1 Dlink | 1 D-view 8 | 2025-08-06 | N/A | 9.8 CRITICAL |
D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991. | |||||
CVE-2025-54253 | | | 2025-08-06 | N/A | 10.0 CRITICAL |
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | |||||
CVE-2023-43091 | 1 Gnome | 1 Gnome-maps | 2025-08-06 | N/A | 9.8 CRITICAL |
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code. | |||||
CVE-2025-50706 | | | 2025-08-05 | N/A | 9.8 CRITICAL |
An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function. | |||||
CVE-2025-46658 | | | 2025-08-05 | N/A | 9.8 CRITICAL |
An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages. | |||||
CVE-2025-50707 | | | 2025-08-05 | N/A | 9.8 CRITICAL |
An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component. | |||||
CVE-2025-49084 | 1 Absolute | 1 Secure Access | 2025-08-05 | N/A | 9.1 CRITICAL |
CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present, privileges required are high and no user interaction is required. There is no impact to confidentiality, the impact to integrity is low, and there is no impact to availability. The impact to confidentiality and availability of subsequent systems is high and the impact to the integrity of subsequent systems is low. | |||||
CVE-2025-53826 | 1 Filebrowser | 1 Filebrowser | 2025-08-05 | N/A | 9.8 CRITICAL |
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of the time of publication, no known patches exist. | |||||
CVE-2023-20154 | 1 Cisco | 1 Modeling Labs | 2025-08-05 | N/A | 9.1 CRITICAL |
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator. A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. | |||||
CVE-2025-46122 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | 9.1 CRITICAL |
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the authenticated diagnostics API endpoint `/admin/_cmdstat.jsp` passes attacker-controlled input to the shell without adequate validation, enabling a remote attacker to specify a target by MAC address and execute arbitrary commands as root. | |||||
CVE-2025-46121 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | 9.8 CRITICAL |
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, where the functions `stamgr_cfg_adpt_addStaFavourite` and `stamgr_cfg_adpt_addStaIot` pass a client hostname directly to snprintf as the format string. A remote attacker can exploit this flaw either by sending a crafted request to the authenticated endpoint `/admin/_conf.jsp`, or without authentication and without direct network access to the controller by spoofing the MAC address of a favourite station and embedding malicious format specifiers in the DHCP hostname field, resulting in unauthenticated format-string processing and arbitrary code execution on the controller. | |||||
CVE-2025-46120 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | 9.8 CRITICAL |
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.27 and 200.18.7.1.323, and in Ruckus ZoneDirector prior to 10.5.1.0.282, where a path-traversal flaw in the web interface lets the server execute attacker-supplied EJS templates outside permitted directories, allowing a remote unauthenticated attacker who can upload a template (e.g., via FTP) to escalate privileges and run arbitrary template code on the controller. | |||||
CVE-2025-46117 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | N/A | 9.1 CRITICAL |
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to execute arbitrary commands as root on the controller or specified target. | |||||
CVE-2025-51535 | | | 2025-08-05 | N/A | 9.1 CRITICAL |
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability. | |||||
CVE-2024-11045 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-08-05 | N/A | 9.6 CRITICAL |
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS). | |||||