Total
11458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20495 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-15 | N/A | 8.6 HIGH |
| A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | N/A | 6.5 MEDIUM |
| Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | |||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-8876 | 1 N-able | 1 N-central | 2025-08-15 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1. | |||||
| CVE-2025-8963 | 2025-08-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | |||||
| CVE-2025-7507 | 2025-08-15 | N/A | 6.4 MEDIUM | ||
| The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain. | |||||
| CVE-2025-7971 | 2025-08-15 | N/A | N/A | ||
| A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash. | |||||
| CVE-2021-27923 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27922 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2025-44779 | 1 Ollama | 1 Ollama | 2025-08-14 | N/A | 6.6 MEDIUM |
| An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. | |||||
| CVE-2025-48913 | 1 Apache | 1 Cxf | 2025-08-14 | N/A | 9.8 CRITICAL |
| If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. | |||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | N/A | 4.0 MEDIUM |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | |||||
| CVE-2025-27388 | 2025-08-14 | N/A | N/A | ||
| Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens. | |||||
| CVE-2025-54785 | 1 Salesagility | 1 Suitecrm | 2025-08-13 | N/A | 8.8 HIGH |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1. | |||||
| CVE-2025-24325 | 2025-08-13 | N/A | 8.8 HIGH | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-32004 | 2025-08-13 | N/A | 3.9 LOW | ||
| Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-27537 | 2025-08-13 | N/A | 5.5 MEDIUM | ||
| Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-21086 | 2025-08-13 | N/A | 7.5 HIGH | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. | |||||
| CVE-2025-24296 | 2025-08-13 | N/A | 6.0 MEDIUM | ||
| Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. | |||||