Total: 309440 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-9801 | | | 2025-09-02 | 5.5 MEDIUM | 5.4 MEDIUM |
A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 45372aece5e05e04b417442417416a52e90ba174. To fix this issue, it is recommended to deploy a patch. | |||||
CVE-2025-46810 | | | 2025-09-02 | N/A | N/A |
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29. | |||||
CVE-2025-52550 | | | 2025-09-02 | N/A | N/A |
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade. | |||||
CVE-2025-52543 | | | 2025-09-02 | N/A | N/A |
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) use client-side hashing for authentication. An attacker can authenticate by obtaining only the password hash. | |||||
CVE-2025-9799 | | | 2025-09-02 | 4.6 MEDIUM | 5.0 MEDIUM |
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited. | |||||
CVE-2024-58259 | | | 2025-09-02 | N/A | 8.2 HIGH |
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS). | |||||
CVE-2025-9800 | | | 2025-09-02 | 6.5 MEDIUM | 6.3 MEDIUM |
A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. This patch is called 45372aece5e05e04b417442417416a52e90ba174. A patch should be applied to remediate this issue. | |||||
CVE-2025-47696 | | | 2025-09-02 | N/A | 8.1 HIGH |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | |||||
CVE-2025-5662 | | | 2025-09-02 | N/A | 9.8 CRITICAL |
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present in the MySQL JDBC Driver version 8.0.19 and JDK version 8u112. The issue is resolved in version 3.46.0.8. | |||||
CVE-2025-57799 | | | 2025-09-02 | N/A | N/A |
StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822. | |||||
CVE-2024-28182 | 3 Debian, Fedoraproject, Nghttp2 | 3 Debian Linux, Fedora, Nghttp2 | 2025-09-02 | N/A | 5.3 MEDIUM |
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability. | |||||
CVE-2022-26083 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2025-09-02 | N/A | 7.5 HIGH |
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||
CVE-2024-28952 | 2 Intel, Microsoft | 3 Integrated Performance Primitives, Oneapi Base Toolkit, Windows | 2025-09-02 | N/A | 6.7 MEDIUM |
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-32483 | 1 Intel | 1 Endpoint Management Assistant | 2025-09-02 | N/A | 8.2 HIGH |
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-29191 | 1 Alexxit | 1 Go2rtc | 2025-09-02 | N/A | 6.1 MEDIUM |
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue. | |||||
CVE-2024-47884 | | | 2025-09-02 | N/A | N/A |
foxmarks is a CLI read-only interface for Firefox's bookmarks and history. A temporary file was created under the /tmp directory with read permissions for all users containing a copy of Firefox's database of bookmarks, history, input history, visits counter, use counter, view counter and more confidential information about the history of using Firefox. Permissions default to 0o600 for NamedTempFile. However, after copying the database, its permissions were copied with it, resulting in an insecure file with 0o644 permissions. A malicious user is able to read the database when the targeted user executes foxmarks bookmarks or foxmarks history. This vulnerability is patched in v2.1.0. | |||||
CVE-2024-36245 | 1 Intel | 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler | 2025-09-02 | N/A | 6.7 MEDIUM |
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-37027 | 1 Intel | 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler | 2025-09-02 | N/A | 6.1 MEDIUM |
Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2024-30266 | 1 Bytecodealliance | 1 Wasmtime | 2025-09-02 | N/A | 3.3 LOW |
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. | |||||
CVE-2024-39283 | 1 Intel | 1 Tdx Module | 2025-09-02 | N/A | 6.0 MEDIUM |
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. |