Total
303323 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48831 | 1 Dell | 1 Smartfabric Os10 | 2025-07-14 | N/A | 8.4 HIGH |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2023-50805 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-07-14 | N/A | 8.1 HIGH |
| A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G (no auth). | |||||
| CVE-2024-29855 | 1 Veeam | 1 Recovery Orchestrator | 2025-07-14 | N/A | 9.0 CRITICAL |
| Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator | |||||
| CVE-2024-9437 | 1 Superagi | 1 Superagi | 2025-07-14 | N/A | 7.5 HIGH |
| SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service. | |||||
| CVE-2024-9439 | 1 Superagi | 1 Superagi | 2025-07-14 | N/A | 8.8 HIGH |
| SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise. | |||||
| CVE-2025-2251 | 2025-07-14 | N/A | 6.2 MEDIUM | ||
| A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication. | |||||
| CVE-2025-2744 | 1 Iocoder | 1 Ruoyi-vue-pro | 2025-07-14 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-3618 | 1 Rockwellautomation | 1 Thinmanager | 2025-07-14 | N/A | 5.5 MEDIUM |
| A denial-of-service vulnerability exists in the Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial-of-service on the target software. | |||||
| CVE-2025-3617 | 1 Rockwellautomation | 1 Thinmanager | 2025-07-14 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges. | |||||
| CVE-2025-6436 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-6435 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 8.1 HIGH |
| If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-6434 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 4.3 MEDIUM |
| The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-6433 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 9.8 CRITICAL |
| If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-6432 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 8.6 HIGH |
| When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-6430 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 6.1 MEDIUM |
| When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | |||||
| CVE-2025-6429 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 6.5 MEDIUM |
| Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | |||||
| CVE-2025-6427 | 1 Mozilla | 1 Firefox | 2025-07-14 | N/A | 9.1 CRITICAL |
| An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140. | |||||
| CVE-2025-6426 | 2 Apple, Mozilla | 2 Macos, Firefox | 2025-07-14 | N/A | 8.8 HIGH |
| The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. | |||||
| CVE-2025-2285 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-2287 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||