Total
304244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48703 | 1 Linux | 1 Linux Kernel | 2025-07-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or NULL value in data_vault. | |||||
| CVE-2024-20850 | 1 Samsung | 1 Samsung Pay | 2025-07-17 | N/A | 6.2 MEDIUM |
| Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay. | |||||
| CVE-2024-20852 | 1 Samsung | 1 Smartthings | 2025-07-17 | N/A | 5.9 MEDIUM |
| Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. | |||||
| CVE-2024-24724 | 1 Gibbonedu | 1 Gibbon | 2025-07-17 | N/A | 9.8 CRITICAL |
| Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization. | |||||
| CVE-2024-0873 | 1 Kibokolabs | 1 Watu Quiz | 2025-07-17 | N/A | 6.4 MEDIUM |
| The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2020-15522 | 1 Bouncycastle | 4 Bc-csharp, Bouncy Castle Fips .net Api, Fips Java Api and 1 more | 2025-07-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. | |||||
| CVE-2020-26939 | 1 Bouncycastle | 2 Fips Java Api, Legion-of-the-bouncy-castle | 2025-07-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. | |||||
| CVE-2023-52927 | 1 Linux | 1 Linux Kernel | 2025-07-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. | |||||
| CVE-2025-4405 | 1 Hot-themes | 1 Hot Random Image | 2025-07-17 | N/A | 4.9 MEDIUM |
| The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-4419 | 1 Hot-themes | 1 Hot Random Image | 2025-07-17 | N/A | 4.3 MEDIUM |
| The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory. | |||||
| CVE-2022-39983 | 1 Instantdeveloper | 1 Rd3 | 2025-07-17 | N/A | 9.8 CRITICAL |
| File upload vulnerability in Pro Gamma Instant Developer RD3 22.5 r23, r30, and possibly earlier versions, allows attackers to execute arbitrary code. | |||||
| CVE-2025-48918 | 1 1xinternet | 1 Simple Klaro | 2025-07-17 | N/A | 8.8 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |||||
| CVE-2025-48919 | 1 1xinternet | 1 Simple Klaro | 2025-07-17 | N/A | 5.0 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |||||
| CVE-2024-12063 | 1 Pribai | 1 Privategpt | 2025-07-17 | N/A | 7.5 HIGH |
| A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable to legitimate users. | |||||
| CVE-2025-52497 | 1 Arm | 1 Mbed Tls | 2025-07-17 | N/A | 4.8 MEDIUM |
| Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input. | |||||
| CVE-2025-49601 | 1 Arm | 1 Mbed Tls | 2025-07-17 | N/A | 4.8 MEDIUM |
| In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input. | |||||
| CVE-2025-49600 | 1 Arm | 1 Mbed Tls | 2025-07-17 | N/A | 4.9 MEDIUM |
| In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification. | |||||
| CVE-2025-27809 | 1 Arm | 1 Mbed Tls | 2025-07-17 | N/A | 5.4 MEDIUM |
| Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. | |||||
| CVE-2025-25724 | 1 Libarchive | 1 Libarchive | 2025-07-17 | N/A | 4.0 MEDIUM |
| list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. | |||||
| CVE-2025-0452 | 1 Dbgpt | 1 Db-gpt | 2025-07-17 | N/A | 8.2 HIGH |
| eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete any files on the host system by manipulating the 'plugin_repo_name' variable. | |||||