Total: 82344 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35392 | 1 Realtek | 1 Rtl819x Jungle Software Development Kit | 2025-08-13 | 7.8 HIGH | 7.5 HIGH |
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages' ST header. | |||||
CVE-2025-8809 | 1 Anisha | 1 Online Medicine Guide | 2025-08-13 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-6634 | 1 Autodesk | 1 3ds Max | 2025-08-13 | N/A | 7.8 HIGH |
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
CVE-2025-44139 | 1 Emlog | 1 Emlog | 2025-08-13 | N/A | 7.2 HIGH |
Emlog Pro V2.5.7 is vulnerable to Unrestricted Upload of File with Dangerous Type via /emlog/admin/plugin.php?action=upload_zip | |||||
CVE-2023-41520 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | 8.8 HIGH |
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters. | |||||
CVE-2023-41521 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | 8.8 HIGH |
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters. | |||||
CVE-2023-41522 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | 8.8 HIGH |
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters. | |||||
CVE-2023-41523 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | 8.8 HIGH |
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php. | |||||
CVE-2023-41524 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2025-08-13 | N/A | 8.8 HIGH |
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php. | |||||
CVE-2025-8811 | 1 Code-projects | 1 Simple Art Gallery | 2025-08-13 | 7.5 HIGH | 7.3 HIGH |
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-1292 | 6 Debian, Fedoraproject, Netapp and 3 more | 52 Debian Linux, Fedora, A250 and 49 more | 2025-08-13 | 10.0 HIGH | 7.3 HIGH |
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). | |||||
CVE-2025-36048 | 6 Apple, Ibm, Linux and 3 more | 6 Macos, Webmethods Integration, Linux Kernel and 3 more | 2025-08-13 | N/A | 7.2 HIGH |
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. | |||||
CVE-2025-36049 | 6 Apple, Ibm, Linux and 3 more | 6 Macos, Webmethods Integration, Linux Kernel and 3 more | 2025-08-13 | N/A | 8.8 HIGH |
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. | |||||
CVE-2025-3319 | 1 Ibm | 1 Spectrum Protect Server | 2025-08-13 | N/A | 8.1 HIGH |
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow an attacker to bypass authentication due to improper session authentication, which can result in access to unauthorized resources. | |||||
CVE-2024-6468 | 1 Hashicorp | 1 Vault | 2025-08-13 | N/A | 7.5 HIGH |
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12. | |||||
CVE-2025-6206 | 1 Coderevolution | 1 Aiomatic | 2025-08-13 | N/A | 7.5 HIGH |
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary. | |||||
CVE-2024-31887 | 1 Ibm | 1 Security Verify Privilege On-premises | 2025-08-13 | N/A | 7.5 HIGH |
IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. | |||||
CVE-2024-25050 | 1 Ibm | 2 I, Rational Developer For I | 2025-08-13 | N/A | 8.4 HIGH |
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privileges. IBM X-Force ID: 283242. | |||||
CVE-2023-27366 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-13 | N/A | 7.8 HIGH |
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20225. | |||||
CVE-2021-21981 | 1 Broadcom | 1 Vmware Nsx-t Data Center | 2025-08-13 | 4.6 MEDIUM | 7.8 HIGH |
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (role-based access control) role assignment. Successful exploitation of this issue may allow attackers with a local guest user account to assign privileges higher than their own permission level. |