Vulnerabilities (CVE)

Total 94862 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-54829 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-54828 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-54827 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-54826 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-54825 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-54824 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-54823 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2023-41674 2025-07-31 N/A N/A
Rejected reason: Not used
CVE-2025-7356 2025-07-30 N/A N/A
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-11478 2025-07-30 N/A N/A
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-54582 2025-07-30 N/A N/A
Rejected reason: Reason: This candidate was issued in error. Valid Netty requests are issued via https://github.com/netty/netty.
CVE-2025-0140 2025-07-30 N/A N/A
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non-administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
CVE-2016-15046 2025-07-30 N/A N/A
A client-side remote code execution vulnerability exists in Hanwha Techwin Smart Security Manager (SSM) versions 1.32 and 1.4, due to improper restrictions on the PUT method exposed by the bundled Apache ActiveMQ instance (running on port 8161). An attacker can exploit this flaw through a Cross-Origin Resource Sharing (CORS) bypass combined with JavaScript-triggered file uploads to the web server, ultimately resulting in arbitrary code execution with SYSTEM privileges. This vulnerability bypasses the server-side mitigations introduced in ZDI-15-156 and ZDI-16-481 by shifting the exploitation to the client-side. This product is now referred to as Hanwha Wisenet SSM and it is unknown if current versions are affected.
CVE-2025-38085 2025-07-30 N/A N/A
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse.
CVE-2025-38084 2025-07-30 N/A N/A
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: unshare page tables during VMA split, not before
Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are taken - which is too early, it allows racing VMA-locked page faults in our process and racing rmap walks from other processes to cause page tables to be shared again before we actually perform the split. Fix it by explicitly calling into the hugetlb unshare logic from __split_vma() in the same place where THP splitting also happens. At that point, both the VMA and the rmap(s) are write-locked.
An annoying detail is that we can now call into the helper hugetlb_unshare_pmds() from two different locking contexts:
1. from hugetlb_split(), holding:
   - mmap lock (exclusively)
   - VMA lock
   - file rmap lock (exclusively)
2. hugetlb_unshare_all_pmds(), which I think is designed to be able to call us with only the mmap lock held (in shared mode), but currently only runs while holding mmap lock (exclusively) and VMA lock
Backporting note: This commit fixes a racy protection that was introduced in commit b30c14cd6102 ("hugetlb: unshare some PMDs when splitting VMAs"); that commit claimed to fix an issue introduced in 5.13, but it should actually also go all the way back.
[jannh@google.com: v2]
CVE-2025-54432 2025-07-29 N/A N/A
Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.
CVE-2025-54420 2025-07-29 N/A N/A
Rejected reason: This CVE is a duplicate of CVE-2025-8129.
CVE-2014-9194 1 Arbiter 1 1094b Gps Substation Clock 2025-07-29 5.4 MEDIUM N/A
Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts.
CVE-2014-125116 2025-07-29 N/A N/A
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional.
CVE-2014-125114 2025-07-29 N/A N/A
A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash.