Total
306387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27105 | 1 Frappe | 1 Frappe | 2025-07-31 | N/A | 8.1 HIGH |
| Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2024-24813 | 1 Frappe | 1 Frappe | 2025-07-31 | N/A | 7.5 HIGH |
| Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2025-51569 | 2025-07-31 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to inject arbitrary JavaScript, which is executed in the context of the router's origin when the crafted URL is accessed. The issue requires user interaction to exploit. | |||||
| CVE-2025-50270 | 2025-07-31 | N/A | 6.1 MEDIUM | ||
| A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to the title, categoryTitle, and tmpTag parameters. | |||||
| CVE-2025-4057 | 2025-07-31 | N/A | 5.5 MEDIUM | ||
| A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies. | |||||
| CVE-2025-29557 | 2025-07-31 | N/A | 5.4 MEDIUM | ||
| ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords. | |||||
| CVE-2025-29556 | 2025-07-31 | N/A | 7.3 HIGH | ||
| ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with an Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval. | |||||
| CVE-2024-34328 | 2025-07-31 | N/A | 6.3 MEDIUM | ||
| An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL. | |||||
| CVE-2025-43218 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted USD file may disclose memory contents. | |||||
| CVE-2025-43217 | 1 Apple | 2 Ipados, Iphone Os | 2025-07-31 | N/A | 4.0 MEDIUM |
| The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6. Privacy Indicators for microphone or camera access may not be correctly displayed. | |||||
| CVE-2025-43216 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-31 | N/A | 6.5 MEDIUM |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-43215 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may result in disclosure of process memory. | |||||
| CVE-2025-43214 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-31 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-43213 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-07-31 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-43244 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-43243 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-43224 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-31 | N/A | 7.1 HIGH |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2025-43223 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-31 | N/A | 7.5 HIGH |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged user may be able to modify restricted network settings. | |||||
| CVE-2025-43222 | 1 Apple | 2 Ipados, Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An attacker may be able to cause unexpected app termination. | |||||
| CVE-2025-54528 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | N/A | 5.4 MEDIUM |
| In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow | |||||