Total
306523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49707 | 1 Microsoft | 22 Dcadsv5-series Azure Vm, Dcadsv5-series Azure Vm Firmware, Dcasv5-series Azure Vm and 19 more | 2025-08-20 | N/A | 7.9 HIGH |
| Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | |||||
| CVE-2025-27031 | 1 Qualcomm | 42 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 39 more | 2025-08-20 | N/A | 7.8 HIGH |
| memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed. | |||||
| CVE-2025-27029 | 1 Qualcomm | 134 Fastconnect 7800, Fastconnect 7800 Firmware, Immersive Home 3210 Platform and 131 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing the tone measurement response buffer when the response buffer is out of range. | |||||
| CVE-2025-21486 | 1 Qualcomm | 62 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 59 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption during dynamic process creation call when client is only passing address and length of shell binary. | |||||
| CVE-2025-21485 | 1 Qualcomm | 58 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC. | |||||
| CVE-2024-53019 | 1 Qualcomm | 162 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 159 more | 2025-08-20 | N/A | 8.2 HIGH |
| Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources. | |||||
| CVE-2024-53018 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption may occur while processing the OIS packet parser. | |||||
| CVE-2024-53017 | 1 Qualcomm | 8 Sdm429w, Sdm429w Firmware, Snapdragon 429 Mobile Platform and 5 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption while handling test pattern generator IOCTL command. | |||||
| CVE-2025-7949 | 1 Publiccms | 1 Publiccms | 2025-08-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named c1e79f124e3f4c458315d908ed7dee06f9f12a76/f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-53016 | 1 Qualcomm | 68 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 65 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption while processing I2C settings in Camera driver. | |||||
| CVE-2024-53013 | 1 Qualcomm | 120 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 117 more | 2025-08-20 | N/A | 6.6 MEDIUM |
| Memory corruption may occur while processing voice call registration with user. | |||||
| CVE-2025-7953 | 1 Publiccms | 1 Publiccms | 2025-08-20 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named f1af17af004ca9345c6fe4d5936d87d008d26e75. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-21441 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 95 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | |||||
| CVE-2025-9246 | 2025-08-20 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9245 | 2025-08-20 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9244 | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9241 | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-55164 | 2025-08-20 | N/A | N/A | ||
| content-security-policy-parser parses content security policy directives. A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if a policy name is called __proto__, one can override the Object prototype. This issue has been patched in version 0.6.0. A workaround involves disabling prototype method in NodeJS, neutralizing all possible prototype pollution attacks. Provide either --disable-proto=delete (recommended) or --disable-proto=throw as an argument to node to enable this feature. | |||||
| CVE-2025-54939 | 2025-08-20 | N/A | 5.3 MEDIUM | ||
| LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. | |||||
| CVE-2025-53013 | 2025-08-20 | N/A | 5.2 MEDIUM | ||
| Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability. | |||||