Total
30620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45663 | 1 Ibm | 1 Db2 | 2025-08-08 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-5969 | 1 Coderevolution | 1 Aiomatic | 2025-08-08 | N/A | 5.8 MEDIUM |
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | |||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2025-2469 | 1 Gitlab | 1 Gitlab | 2025-08-07 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | |||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | 5.4 MEDIUM |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | |||||
| CVE-2025-3777 | 1 Huggingface | 1 Transformers | 2025-08-07 | N/A | 3.5 LOW |
| Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1. | |||||
| CVE-2020-25078 | 1 Dlink | 18 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 15 more | 2025-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. | |||||
| CVE-2020-25079 | 1 Dlink | 18 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 15 more | 2025-08-06 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. cgi-bin/ddns_enc.cgi allows authenticated command injection. | |||||
| CVE-2024-2878 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. | |||||
| CVE-2024-6356 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.4 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. | |||||
| CVE-2024-8266 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.4 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances. | |||||
| CVE-2024-7102 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 9.6 CRITICAL |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2025-1212 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. | |||||
| CVE-2024-3303 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 6.4 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection. | |||||
| CVE-2025-0320 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | |||||
| CVE-2025-1222 | 2 Apple, Citrix | 2 Macos, Secure Access Client | 2025-08-06 | N/A | 6.1 MEDIUM |
| An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | |||||
| CVE-2025-6759 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | |||||
| CVE-2025-4879 | 1 Citrix | 1 Workspace | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||
| CVE-2025-43276 | 1 Apple | 1 Macos | 2025-08-06 | N/A | 5.3 MEDIUM |
| A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time. | |||||
| CVE-2024-1410 | 1 Cloudflare | 1 Quiche | 2025-08-06 | N/A | 3.7 LOW |
| Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions. | |||||