Total
304384 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48913 | 1 Apache | 1 Cxf | 2025-08-14 | N/A | 9.8 CRITICAL |
| If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. | |||||
| CVE-2023-38264 | 1 Ibm | 1 Java Software Development Kit | 2025-08-14 | N/A | 5.9 MEDIUM |
| The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | |||||
| CVE-2023-43040 | 1 Ibm | 1 Storage Fusion Hci | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. | |||||
| CVE-2023-51636 | 1 Avira | 1 Avira Prime | 2025-08-14 | N/A | 7.8 HIGH |
| Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21600. | |||||
| CVE-2023-51637 | 1 Santesoft | 1 Sante Pacs Server | 2025-08-14 | N/A | 9.8 CRITICAL |
| Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the DICOM service, which listens on TCP port 11122 by default. When parsing the NAME element of the PATIENT record, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21579. | |||||
| CVE-2024-4454 | 2 Microsoft, Withsecure | 5 Windows, Client Security, Elements Endpoint Protection and 2 more | 2025-08-14 | N/A | 7.8 HIGH |
| WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. | |||||
| CVE-2024-10383 | 1 Gitlab | 1 Gitlab | 2025-08-14 | N/A | 8.7 HIGH |
| An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE | |||||
| CVE-2024-51461 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | N/A | 4.3 MEDIUM |
| IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | |||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | N/A | 4.0 MEDIUM |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | |||||
| CVE-2024-37312 | 1 Nextcloud | 1 User Oidc | 2025-08-14 | N/A | 6.3 MEDIUM |
| user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0 (Nextcloud 25-28). | |||||
| CVE-2025-8975 | 2025-08-14 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named 84c11d69df8452dc378feecd17e2a62ac10dac66. It is recommended to upgrade the affected component. | |||||
| CVE-2025-55716 | 2025-08-14 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15. | |||||
| CVE-2025-55714 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS. This issue affects JetElements For Elementor: from n/a through 2.7.9. | |||||
| CVE-2025-55713 | 2025-08-14 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeThemes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.1.6. | |||||
| CVE-2025-55712 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.3.13. | |||||
| CVE-2025-55711 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Stored XSS. This issue affects WP Table Builder: from n/a through 2.0.12. | |||||
| CVE-2025-55710 | 2025-08-14 | N/A | 4.3 MEDIUM | ||
| Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress: from n/a through 3.37.2. | |||||
| CVE-2025-55709 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visual Composer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through n/a. | |||||
| CVE-2025-55708 | 2025-08-14 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through 10.2.4. | |||||
| CVE-2025-54749 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetProductGallery allows Stored XSS. This issue affects JetProductGallery: from n/a through 2.2.0.2. | |||||