Total
95452 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-59415 | | | 2025-09-18 | N/A | 4.6 MEDIUM |
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. | |||||
CVE-2025-0547 | | | 2025-09-18 | N/A | 4.7 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS). This issue affects Bizmu: from 2.27.0 through 20250212. | |||||
CVE-2025-35436 | | | 2025-09-18 | N/A | 5.3 MEDIUM |
CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27. | |||||
CVE-2025-56648 | | | 2025-09-18 | N/A | 6.5 MEDIUM |
npm parcel 2.0.0-alpha and before has an Origin Validation Error vulnerability. Malicious websites can send XMLHTTPRequests to the application's development server and read the response to steal source code when developers visit them. | |||||
CVE-2025-54237 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2025-09-18 | N/A | 5.5 MEDIUM |
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2025-1118 | | | 2025-09-18 | N/A | 4.4 MEDIUM |
A flaw was found in grub2. Grub's dump command is not blocked when grub is in lockdown mode, which allows the user to read any memory information, and an attacker may leverage this in order to extract signatures, salts, and other sensitive information from the memory. | |||||
CVE-2025-0677 | | | 2025-09-18 | N/A | 6.4 MEDIUM |
A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grub_malloc() may be called with a smaller value than needed. When further reading the data from the disk into the buffer, the grub_ufs_lookup_symlink() function will write past the end of the allocated size. An attack can leverage this by crafting a malicious filesystem, and as a result, it will corrupt data stored in the heap, allowing for arbitrary code execution used to by-pass secure boot mechanisms. | |||||
CVE-2025-0622 | | | 2025-09-18 | N/A | 6.4 MEDIUM |
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If correctly exploited, this vulnerability may result in arbitrary code execution, eventually allowing the attacker to bypass secure boot protections. | |||||
CVE-2024-45781 | | | 2025-09-18 | N/A | 6.7 MEDIUM |
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure boot protections. | |||||
CVE-2024-45776 | | | 2025-09-18 | N/A | 6.7 MEDIUM |
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections. | |||||
CVE-2025-8463 | | | 2025-09-18 | N/A | 5.3 MEDIUM |
Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Parameter Injection. This issue affects SecHard: before 3.6.2-20250805. | |||||
CVE-2025-46593 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 5.1 MEDIUM |
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-46591 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 6.2 MEDIUM |
Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-46589 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 4.4 MEDIUM |
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
CVE-2025-46588 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 4.4 MEDIUM |
Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | |||||
CVE-2025-46586 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 5.1 MEDIUM |
Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-31174 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 6.8 MEDIUM |
Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-31171 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 6.8 MEDIUM |
File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-27521 | 1 Huawei | 1 Harmonyos | 2025-09-18 | N/A | 6.8 MEDIUM |
Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-9136 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-18 | N/A | 6.7 MEDIUM |
Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |