Total: 304508 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-6020 | | | 2025-07-21 | N/A | 7.8 HIGH |
A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | |||||
CVE-2024-8017 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 9.0 CRITICAL |
An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat history, deleting chats, and escalating their own account to an admin if the victim is an admin. | |||||
CVE-2024-7990 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 8.4 HIGH |
A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. This allows an attacker to inject malicious scripts that can be executed by any user, including administrators, potentially leading to arbitrary code execution. | |||||
CVE-2024-7983 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 7.5 HIGH |
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server becomes unresponsive to other requests until the conversion is complete. | |||||
CVE-2024-7959 | 1 Openwebui | 1 Open Webui | 2025-07-21 | N/A | 7.7 HIGH |
The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets. | |||||
CVE-2024-7760 | 1 Aimstack | 1 Aim | 2025-07-21 | N/A | 9.6 CRITICAL |
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write. | |||||
CVE-2025-21445 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2025-07-21 | N/A | 7.8 HIGH |
Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host. | |||||
CVE-2025-21444 | 1 Qualcomm | 54 Qam8255p, Qam8255p Firmware, Qam8295p and 51 more | 2025-07-21 | N/A | 7.8 HIGH |
Memory corruption while copying the result to the transmission queue in EMAC. | |||||
CVE-2025-21433 | 1 Qualcomm | 550 215 Mobile, 215 Mobile Firmware, Apq8017 and 547 more | 2025-07-21 | N/A | 6.2 MEDIUM |
Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. | |||||
CVE-2025-21432 | 1 Qualcomm | 492 Aqt1000, Aqt1000 Firmware, Ar8035 and 489 more | 2025-07-21 | N/A | 7.8 HIGH |
Memory corruption while retrieving the CBOR data from TA. | |||||
CVE-2025-21426 | 1 Qualcomm | 20 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon Ar1 Gen 1 Platform and 17 more | 2025-07-21 | N/A | 6.6 MEDIUM |
Memory corruption while processing camera TPG write request. | |||||
CVE-2025-21422 | 1 Qualcomm | 442 Aqt1000, Aqt1000 Firmware, Ar8035 and 439 more | 2025-07-21 | N/A | 7.1 HIGH |
Cryptographic issue while processing crypto API calls: missing checks may lead to corrupted key usage or IV reuse. | |||||
CVE-2024-53009 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8035 and 375 more | 2025-07-21 | N/A | 5.3 MEDIUM |
Memory corruption while operating the mailbox in Automotive. | |||||
CVE-2025-27042 | 1 Qualcomm | 690 215 Mobile, 215 Mobile Firmware, 315 5g Iot Modem and 687 more | 2025-07-21 | N/A | 7.8 HIGH |
Memory corruption while processing video packets received from video firmware. | |||||
CVE-2025-21466 | 1 Qualcomm | 80 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 77 more | 2025-07-21 | N/A | 7.8 HIGH |
Memory corruption while processing a private escape command in an event trigger. | |||||
CVE-2025-21454 | 1 Qualcomm | 384 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9206 Lte Modem and 381 more | 2025-07-21 | N/A | 7.5 HIGH |
Transient DOS while processing received beacon frame. | |||||
CVE-2025-21450 | 1 Qualcomm | 216 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 213 more | 2025-07-21 | N/A | 9.1 CRITICAL |
Cryptographic issue occurs due to use of insecure connection method while downloading. | |||||
CVE-2025-21449 | 1 Qualcomm | 370 315 5g Iot, 315 5g Iot Firmware, Apq8017 and 367 more | 2025-07-21 | N/A | 7.5 HIGH |
Transient DOS may occur while processing malformed length field in SSID IEs. | |||||
CVE-2025-21446 | 1 Qualcomm | 480 Ar8035, Ar8035 Firmware, Ar9380 and 477 more | 2025-07-21 | N/A | 7.5 HIGH |
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. | |||||
CVE-2025-47189 | | | 2025-07-21 | N/A | 6.1 MEDIUM |
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392. |