Total
32069 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49050 | 1 Microsoft | 1 Python | 2025-07-15 | N/A | 8.8 HIGH |
| Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||||
| CVE-2020-17163 | 1 Microsoft | 1 Python | 2025-07-15 | N/A | 7.8 HIGH |
| Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||||
| CVE-2025-43559 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | |||||
| CVE-2025-43563 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
| CVE-2025-30281 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
| CVE-2025-3067 | 1 Google | 2 Android, Chrome | 2025-07-15 | N/A | 8.8 HIGH |
| Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) | |||||
| CVE-2024-1968 | 1 Scrapy | 1 Scrapy | 2025-07-15 | N/A | 7.5 HIGH |
| In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware. | |||||
| CVE-2024-8613 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 8.8 HIGH |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of other users. | |||||
| CVE-2024-5216 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-15 | N/A | 7.5 HIGH |
| A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance. | |||||
| CVE-2024-8984 | 1 Litellm | 1 Litellm | 2025-07-15 | N/A | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource consumption and rendering the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. | |||||
| CVE-2025-21005 | 1 Samsung | 1 Android | 2025-07-15 | N/A | 5.5 MEDIUM |
| Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information. | |||||
| CVE-2024-6090 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate. | |||||
| CVE-2024-6036 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 9.1 CRITICAL |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity. | |||||
| CVE-2024-6037 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 9.1 CRITICAL |
| A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption. | |||||
| CVE-2024-48828 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | N/A | 5.5 MEDIUM |
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2025-21000 | 1 Samsung | 1 Android | 2025-07-14 | N/A | 6.2 MEDIUM |
| Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth. | |||||
| CVE-2025-21001 | 1 Samsung | 1 Android | 2025-07-14 | N/A | 6.2 MEDIUM |
| Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast. | |||||
| CVE-2024-34043 | 1 Linuxfoundation | 1 Ric-app-kpimon-go | 2025-07-14 | N/A | 5.3 MEDIUM |
| O-RAN RICAPP kpimon-go I-Release has a segmentation violation via a certain E2AP-PDU message. | |||||
| CVE-2024-10650 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-14 | N/A | 7.5 HIGH |
| An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio. | |||||
| CVE-2024-5208 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-12 | N/A | 6.5 MEDIUM |
| An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability. | |||||