Total
10828 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27241 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Workplace and 2 more | 2025-08-20 | N/A | 5.3 MEDIUM |
| Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component. | |||||
| CVE-2024-45422 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-08-19 | N/A | 6.5 MEDIUM |
| Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-7693 | 2025-08-18 | N/A | N/A | ||
| A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF015. To recover, clear the fault. | |||||
| CVE-2025-52620 | 2025-08-18 | N/A | 4.3 MEDIUM | ||
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | |||||
| CVE-2025-9060 | 2025-08-18 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above. | |||||
| CVE-2025-6625 | 2025-08-18 | N/A | 7.5 HIGH | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. | |||||
| CVE-2024-20495 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-15 | N/A | 8.6 HIGH |
| A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | N/A | 6.5 MEDIUM |
| Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | |||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-8876 | 1 N-able | 1 N-central | 2025-08-15 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1. | |||||
| CVE-2025-8963 | 2025-08-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | |||||
| CVE-2025-7971 | 2025-08-15 | N/A | N/A | ||
| A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash. | |||||
| CVE-2025-7507 | 2025-08-15 | N/A | 6.4 MEDIUM | ||
| The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain. | |||||
| CVE-2021-27923 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27922 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2025-44779 | 1 Ollama | 1 Ollama | 2025-08-14 | N/A | 6.6 MEDIUM |
| An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. | |||||
| CVE-2025-48913 | 1 Apache | 1 Cxf | 2025-08-14 | N/A | 9.8 CRITICAL |
| If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. | |||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | N/A | 4.0 MEDIUM |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | |||||