Total
303996 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7417 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7418 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7419 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49739 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-07-16 | N/A | 8.8 HIGH |
| Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. | |||||
| CVE-2025-7420 | 1 Tenda | 2 O3, O3 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7408 | 1 Pushpam02 | 1 Zoo Management System | 2025-07-16 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49733 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-07-16 | N/A | 7.8 HIGH |
| Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-6674 | 1 Gabderrahim | 1 Ckeditor5 Youtube | 2025-07-16 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3. | |||||
| CVE-2025-49732 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49730 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-16 | N/A | 7.8 HIGH |
| Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-20924 | 1 Samsung | 1 Notes | 2025-07-16 | N/A | 4.6 MEDIUM |
| Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. | |||||
| CVE-2025-20925 | 1 Samsung | 1 Notes | 2025-07-16 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in applying binary of text data in Samsung Notes prior to version 4.4.26.71 allows local attackers to potentially read memory. | |||||
| CVE-2025-20927 | 1 Samsung | 1 Notes | 2025-07-16 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in parsing image data in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. | |||||
| CVE-2025-5234 | 1 Jegstudio | 1 Gutenverse News | 2025-07-16 | N/A | 6.4 MEDIUM |
| The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-20928 | 1 Samsung | 1 Notes | 2025-07-16 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in parsing wbmp image in Samsung Notes prior to vaersion 4.4.26.71 allows local attackers to access out-of-bounds memory. | |||||
| CVE-2025-5490 | 1 Antoineh | 1 Football Pool | 2025-07-16 | N/A | 5.5 MEDIUM |
| The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | |||||
| CVE-2025-4774 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-07-16 | N/A | 6.4 MEDIUM |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-38459 | 1 Langchain | 1 Langchain-experimental | 2025-07-16 | N/A | 7.8 HIGH |
| langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. | |||||
| CVE-2024-3648 | 1 Sharethis | 1 Sharethis Share Buttons | 2025-07-16 | N/A | 6.4 MEDIUM |
| The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-4577 | 1 Wpbeginner | 1 Smash Balloon Social Post Feed | 2025-07-16 | N/A | 6.4 MEDIUM |
| The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||