Total
82344 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54689 | 2025-08-14 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through 2.5.7. | |||||
| CVE-2025-52788 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson CaptionPix allows Reflected XSS. This issue affects CaptionPix: from n/a through 1.8. | |||||
| CVE-2025-31425 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3. | |||||
| CVE-2025-28979 | 2025-08-14 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3. | |||||
| CVE-2025-8958 | 2025-08-14 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in Tenda TX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-48860 | 2025-08-14 | N/A | 8.0 HIGH | ||
| A vulnerability in the web application of the ctrlX OS setup mechanism facilitated an authenticated (low privileged) attacker to gain remote access to backup archives created by a user with elevated permissions. Depending on the content of the backup archive, the attacker may have been able to access sensitive data. | |||||
| CVE-2025-52728 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0. | |||||
| CVE-2025-52806 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0. | |||||
| CVE-2025-49267 | 2025-08-14 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Blind SQL Injection. This issue affects Frontend Admin by DynamiApps: from n/a through 3.28.3. | |||||
| CVE-2025-49264 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login allows PHP Local File Inclusion. This issue affects Cloud SAML SSO - Single Sign On Login: from n/a through 1.0.18. | |||||
| CVE-2025-49033 | 2025-08-14 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3. | |||||
| CVE-2025-25172 | 2025-08-14 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4. | |||||
| CVE-2025-6021 | 2025-08-14 | N/A | 7.5 HIGH | ||
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | |||||
| CVE-2023-51598 | 1 Hancom | 1 Office Word | 2025-08-14 | N/A | 8.8 HIGH |
| Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384. | |||||
| CVE-2021-34947 | 1 Netgear | 82 D7800, D7800 Firmware, Ex2700 and 79 more | 2025-08-14 | N/A | 8.8 HIGH |
| NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055. | |||||
| CVE-2021-34982 | 1 Netgear | 104 D6220, D6220 Firmware, D6400 and 101 more | 2025-08-14 | N/A | 8.8 HIGH |
| NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709. | |||||
| CVE-2022-0369 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-08-14 | N/A | 8.8 HIGH |
| Triangle MicroWorks SCADA Data Gateway Restore Workspace Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Restore Workspace feature. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17227. | |||||
| CVE-2023-27321 | 1 Opcfoundation | 1 Ua-.netstandard | 2025-08-14 | N/A | 7.5 HIGH |
| OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505. | |||||
| CVE-2025-49560 | 1 Adobe | 1 Substance 3d Viewer | 2025-08-14 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-49569 | 1 Adobe | 1 Substance 3d Viewer | 2025-08-14 | N/A | 7.8 HIGH |
| Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||