Total: 82158 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-53720 | | | 2025-08-13 | N/A | 8.0 HIGH |
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | | | | | |
CVE-2025-53718 | | | 2025-08-13 | N/A | 7.0 HIGH |
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | | | | | |
CVE-2025-48500 | | | 2025-08-13 | N/A | 7.3 HIGH |
A missing file integrity check vulnerability exists on macOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | | | | | |
CVE-2025-8912 | | | 2025-08-13 | N/A | 7.5 HIGH |
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | | | | | |
CVE-2025-49813 | | | 2025-08-13 | N/A | 7.2 HIGH |
An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. | | | | | |
CVE-2025-53744 | | | 2025-08-13 | N/A | 7.2 HIGH |
An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager. | | | | | |
CVE-2025-53729 | | | 2025-08-13 | N/A | 7.8 HIGH |
Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | | | | | |
CVE-2025-46405 | | | 2025-08-13 | N/A | 7.5 HIGH |
When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | | | | | |
CVE-2025-55154 | | | 2025-08-13 | N/A | 8.8 HIGH |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1. | | | | | |
CVE-2025-4410 | | | 2025-08-13 | N/A | 7.5 HIGH |
A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executing arbitrary code. | | | | | |
CVE-2025-53793 | | | 2025-08-13 | N/A | 7.5 HIGH |
Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | | | | | |
CVE-2025-53788 | | | 2025-08-13 | N/A | 7.0 HIGH |
Time-of-check time-of-use (TOCTOU) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | | | | | |
CVE-2025-32451 | | | 2025-08-13 | N/A | 8.8 HIGH |
A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | | | | | |
CVE-2025-53778 | | | 2025-08-13 | N/A | 8.8 HIGH |
Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | | | | | |
CVE-2025-54222 | | | 2025-08-13 | N/A | 7.8 HIGH |
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | | | | | |
CVE-2025-53784 | | | 2025-08-13 | N/A | 8.4 HIGH |
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | | | | | |
CVE-2025-53779 | | | 2025-08-13 | N/A | 7.2 HIGH |
Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | | | | | |
CVE-2025-53733 | | | 2025-08-13 | N/A | 8.4 HIGH |
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | | | | | |
CVE-2025-53734 | | | 2025-08-13 | N/A | 7.8 HIGH |
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | | | | | |
CVE-2025-8761 | | | 2025-08-13 | 7.8 HIGH | 7.5 HIGH |
A vulnerability has been found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This vulnerability affects unknown code of the component Backend IPC Server. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | | | | | |