Total
305640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0140 | 2025-07-30 | N/A | N/A | ||
| An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtectâ„¢ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. | |||||
| CVE-2025-0982 | 1 Google | 1 Application Integration | 2025-07-30 | N/A | 10.0 CRITICAL |
| Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript execution engine. No further fix actions are needed. | |||||
| CVE-2025-22992 | 1 Openenergymonitor | 1 Emoncms | 2025-07-30 | N/A | 9.8 CRITICAL |
| A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions. | |||||
| CVE-2025-0896 | 1 Orthanc-server | 1 Orthanc | 2025-07-30 | N/A | 9.8 CRITICAL |
| Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker. | |||||
| CVE-2025-0838 | 2 Abseil, Debian | 2 Common Libraries, Debian Linux | 2025-07-30 | N/A | 9.8 CRITICAL |
| There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 | |||||
| CVE-2024-37183 | 1 Westermo | 2 L210-f2g, L210-f2g Firmware | 2025-07-30 | N/A | 5.7 MEDIUM |
| Plain text credentials and session ID can be captured with a network sniffer. | |||||
| CVE-2025-8249 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s3.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-32943 | 1 Westermo | 2 L210-f2g, L210-f2g Firmware | 2025-07-30 | N/A | 7.5 HIGH |
| An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly. | |||||
| CVE-2025-8250 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8251 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8269 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8270 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8271 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8272 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8273 | 1 Code-projects | 1 Exam Form Submission | 2025-07-30 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1041 | 1 Avaya | 1 Call Management System | 2025-07-30 | N/A | 9.9 CRITICAL |
| An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. | |||||
| CVE-2024-35246 | 1 Westermo | 2 L210-f2g Lynx, L210-f2g Lynx Firmware | 2025-07-30 | N/A | 7.5 HIGH |
| An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly. | |||||
| CVE-2024-5980 | 1 Lightningai | 1 Pytorch Lightning | 2025-07-30 | N/A | 9.8 CRITICAL |
| A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution. | |||||
| CVE-2024-6038 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-30 | N/A | 7.5 HIGH |
| A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability. | |||||
| CVE-2023-20004 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2025-07-30 | N/A | 4.4 MEDIUM |
| Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account. Note: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | |||||