Total
82344 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38119 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-12 | N/A | 7.8 HIGH |
| Foxit PDF Reader AcroForm signature Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of signature fields. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21326. | |||||
| CVE-2023-38107 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-08-12 | N/A | 7.8 HIGH |
| Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21019. | |||||
| CVE-2024-23963 | 1 Alpsalpine | 2 Ilx-f509, Ilx-f509 Firmware | 2025-08-12 | N/A | 8.0 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the PBAP_DecodeVCARD function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. | |||||
| CVE-2025-39584 | 1 Themewinter | 1 Eventin | 2025-08-12 | N/A | 7.5 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25. | |||||
| CVE-2025-8476 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 8.0 HIGH |
| Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26322. | |||||
| CVE-2025-8475 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 7.4 HIGH |
| Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the implementation of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26321. | |||||
| CVE-2025-8472 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 7.4 HIGH |
| Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-26316. | |||||
| CVE-2025-8480 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 8.0 HIGH |
| Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music streaming application. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26357. | |||||
| CVE-2025-1951 | 1 Ibm | 1 Hardware Management Console | 2025-08-12 | N/A | 8.4 HIGH |
| IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | |||||
| CVE-2025-8477 | 1 Alpsalpine | 2 Ilx-507, Ilx-507 Firmware | 2025-08-12 | N/A | 7.4 HIGH |
| Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the parsing of vCard data. The issue results from the lack of proper validation of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26324. | |||||
| CVE-2025-2328 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-12 | N/A | 8.8 HIGH |
| The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files' function in all versions up to, and including, 1.3.8.7. This makes it possible for unauthenticated attackers to add arbitrary file paths (such as ../../../../wp-config.php) to uploaded files on the server, which can easily lead to remote code execution when an Administrator deletes the message. Exploiting this vulnerability requires the Flamingo plugin to be installed and activated. | |||||
| CVE-2019-4702 | 1 Ibm | 1 Security Guardium Data Encryption | 2025-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | |||||
| CVE-2019-4160 | 1 Ibm | 1 Security Guardium Data Encryption | 2025-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158577. | |||||
| CVE-2025-2485 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-12 | N/A | 7.5 HIGH |
| The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnd_upload_cf7_upload' function. This makes it possible for attackers to inject a PHP Object through a PHAR file. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. This vulnerability may be exploited by unauthenticated attackers when a form is present on the site with the file upload action. The Flamingo plugin must be installed and activated in order to exploit the vulnerability. The vulnerability was partially patched in version 1.3.8.8. | |||||
| CVE-2023-38114 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-12 | N/A | 7.8 HIGH |
| Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21085. | |||||
| CVE-2025-47219 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-12 | N/A | 8.1 HIGH |
| In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. | |||||
| CVE-2025-24298 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 8.4 HIGH |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. | |||||
| CVE-2025-25278 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 8.4 HIGH |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | |||||
| CVE-2025-27128 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 8.4 HIGH |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free. | |||||
| CVE-2025-27577 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 8.4 HIGH |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition. | |||||