Total
11458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24484 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24486 | 2025-08-13 | N/A | 7.8 HIGH | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-4277 | 2025-08-13 | N/A | 7.5 HIGH | ||
| Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
| CVE-2025-4276 | 2025-08-13 | N/A | 7.5 HIGH | ||
| UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
| CVE-2025-4410 | 2025-08-13 | N/A | 7.5 HIGH | ||
| A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code. | |||||
| CVE-2025-52894 | 1 Openbao | 1 Openbao | 2025-08-12 | N/A | 7.5 HIGH |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. In OpenBao v2.2.0 and later, manually setting the configuration option `disable_unauthed_rekey_endpoints=true` allows an operator to deny these rarely-used endpoints on global listeners. A patch is available at commit fe75468822a22a88318c6079425357a02ae5b77b. In a future OpenBao release communicated on OpenBao's website, the maintainers will set this to `true` for all users and provide an authenticated alternative. As a workaround, if an active proxy or load balancer sits in front of OpenBao, an operator can deny requests to these endpoints from unauthorized IP ranges. | |||||
| CVE-2025-25212 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. | |||||
| CVE-2025-54614 | 1 Huawei | 1 Harmonyos | 2025-08-12 | N/A | 6.2 MEDIUM |
| Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-29821 | 1 Microsoft | 3 Dynamics 365 Business Central 2023, Dynamics 365 Business Central 2024, Dynamics 365 Business Central 2025 | 2025-08-12 | N/A | 5.5 MEDIUM |
| Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally. | |||||
| CVE-2024-13943 | 1 Tesla | 2 Model S, Model S Firmware | 2025-08-12 | N/A | 7.8 HIGH |
| Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the QCMAP_ConnectionManager component. An attacker can abuse the service to assign LAN addresses to the WWAN. An attacker can leverage this vulnerability to access network services that were only intended to be exposed to the internal LAN. Was ZDI-CAN-23199. | |||||
| CVE-2024-52051 | 2025-08-12 | N/A | 7.3 HIGH | ||
| A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions < V19 Update 4), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions < V19 Update 4), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions < V19 Update 4), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user. | |||||
| CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-12 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2025-55006 | 2025-08-11 | N/A | 4.3 MEDIUM | ||
| Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content. Malicious SVG files could be used to execute arbitrary scripts in the context of other users. A fix for this issue is planned for version 2.34.0. | |||||
| CVE-2025-54642 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 6.7 MEDIUM |
| Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54641 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 6.7 MEDIUM |
| Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54636 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 4.4 MEDIUM |
| Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2023-28578 | 1 Qualcomm | 680 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 677 more | 2025-08-11 | N/A | 9.3 CRITICAL |
| Memory corruption in Core Services while executing the command for removing a single event listener. | |||||
| CVE-2023-33104 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | N/A | 7.5 HIGH |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. | |||||
| CVE-2024-21453 | 1 Qualcomm | 26 C-v2x 9150, C-v2x 9150 Firmware, Qcs410 and 23 more | 2025-08-11 | N/A | 7.5 HIGH |
| Transient DOS while decoding message of size that exceeds the available system memory. | |||||
| CVE-2023-33042 | 1 Qualcomm | 148 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 145 more | 2025-08-11 | N/A | 7.5 HIGH |
| Transient DOS in Modem after RRC Setup message is received. | |||||