Total
82112 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-45769 | 2025-08-04 | N/A | 7.3 HIGH | ||
| php-jwt v6.11.0 was discovered to contain weak encryption. | |||||
| CVE-2025-26064 | 2025-08-04 | N/A | 7.3 HIGH | ||
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device. | |||||
| CVE-2025-45768 | 2025-08-04 | N/A | 7.0 HIGH | ||
| pyjwt v2.10.1 was discovered to contain weak encryption. | |||||
| CVE-2025-50572 | 2025-08-04 | N/A | 8.8 HIGH | ||
| An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. | |||||
| CVE-2025-20700 | 2025-08-04 | N/A | 8.8 HIGH | ||
| In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-20702 | 2025-08-04 | N/A | 8.8 HIGH | ||
| In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-23281 | 2025-08-04 | N/A | 7.0 HIGH | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. | |||||
| CVE-2025-23284 | 2025-08-04 | N/A | 7.8 HIGH | ||
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. | |||||
| CVE-2025-41691 | 2025-08-04 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition. | |||||
| CVE-2025-23283 | 2025-08-04 | N/A | 7.8 HIGH | ||
| NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2025-36607 | 2025-08-04 | N/A | 7.8 HIGH | ||
| Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
| CVE-2025-54136 | 2025-08-04 | N/A | 7.2 HIGH | ||
| Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a collaborator accepts a harmless MCP, the attacker can silently swap it for a malicious command (e.g., calc.exe) without triggering any warning or re-prompt. If an attacker has write permissions on a user's active branches of a source repository that contains existing MCP servers the user has previously approved, or allows an attacker has arbitrary file-write locally, the attacker can achieve arbitrary code execution. This is fixed in version 1.3. | |||||
| CVE-2025-23276 | 2025-08-04 | N/A | 7.8 HIGH | ||
| NVIDIA Installer for Windows contains a vulnerability where an attacker may be able to escalate privileges. A successful exploit of this vulnerability may lead to escalation of privileges, denial of service, code execution, information disclosure and data tampering. | |||||
| CVE-2023-32256 | 2025-08-04 | N/A | 7.5 HIGH | ||
| A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue. | |||||
| CVE-2025-7443 | 2025-08-04 | N/A | 8.1 HIGH | ||
| The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-51504 | 2025-08-04 | N/A | 7.6 HIGH | ||
| Microweber CMS 2.0 is vulnerable to Cross Site Scripting (XSS)in the /projects/profile, homepage endpoint via the last name field. | |||||
| CVE-2025-23277 | 2025-08-04 | N/A | 7.3 HIGH | ||
| NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure. | |||||
| CVE-2025-5999 | 2025-08-04 | N/A | 7.2 HIGH | ||
| A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22. | |||||
| CVE-2025-6754 | 2025-08-04 | N/A | 8.8 HIGH | ||
| The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seo_metrics_handle_connect_button_click() AJAX handler and the seo_metrics_handle_custom_endpoint() function in versions 1.0.5 through 1.0.15. Because the AJAX action only verifies a nonce, without checking the caller’s capabilities, a subscriber-level user can retrieve the token and then access the custom endpoint to obtain full administrator cookies. | |||||
| CVE-2025-7725 | 2025-08-04 | N/A | 7.2 HIGH | ||
| The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment feature in all versions up to, and including, 26.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||