Total
302485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22463 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 7.3 HIGH |
| A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. | |||||
| CVE-2025-22455 | 1 Ivanti | 1 Workspace Control | 2025-07-10 | N/A | 8.8 HIGH |
| A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | |||||
| CVE-2025-27739 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-10 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-6763 | 1 Eclipse | 1 Jetty | 2025-07-10 | N/A | 3.7 LOW |
| Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks. | |||||
| CVE-2025-29810 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.5 HIGH |
| Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-3466 | 1 Langgenius | 1 Dify | 2025-07-10 | N/A | 7.2 HIGH |
| langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to secret keys, internal network servers, and lateral movement within dify.ai. The issue is resolved in version 1.1.3. | |||||
| CVE-2025-24069 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-53377 | 1 Wegia | 1 Wegia | 2025-07-10 | N/A | 6.1 MEDIUM |
| WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_funcionario parameter. This vulnerability is fixed in 3.4.3. | |||||
| CVE-2025-26646 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, .net and 3 more | 2025-07-10 | N/A | 8.0 HIGH |
| External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-29803 | 1 Microsoft | 5 Sql Server Management Studio, Visual Studio Tools For Applications 2019, Visual Studio Tools For Applications 2019 Sdk and 2 more | 2025-07-10 | N/A | 7.3 HIGH |
| Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29819 | 1 Microsoft | 1 Windows Admin Center | 2025-07-10 | N/A | 6.2 MEDIUM |
| External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-29812 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-10 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29811 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-10 | N/A | 7.8 HIGH |
| Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29331 | 1 Mhsanaei | 1 3x-ui | 2025-07-10 | N/A | 9.8 CRITICAL |
| An issue in MHSanaei 3x-ui before v.2.5.3 and before allows a remote attacker to execute arbitrary code via the management script x-ui passes the no check certificate option to wget when downloading updates | |||||
| CVE-2025-52901 | 1 Filebrowser | 1 Filebrowser | 2025-07-10 | N/A | 4.5 MEDIUM |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to anyone having access to the URLs accessed by the user. This will give an attacker full access to a user's account and, in consequence, to all sensitive files the user has access to. This issue has been patched in version 2.33.9. | |||||
| CVE-2025-29809 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 7.1 HIGH |
| Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | |||||
| CVE-2025-4966 | 1 Hk1993 | 1 Wp Online Users Stats | 2025-07-10 | N/A | 6.1 MEDIUM |
| The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2025-4964 | 1 Hk1993 | 1 Wp Online Users Stats | 2025-07-10 | N/A | 4.9 MEDIUM |
| The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-5341 | 1 Wpmudev | 1 Forminator Forms | 2025-07-10 | N/A | 6.4 MEDIUM |
| The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-21171 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, .net and 3 more | 2025-07-10 | N/A | 7.5 HIGH |
| .NET Remote Code Execution Vulnerability | |||||