Total
306485 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43229 | 1 Apple | 2 Macos, Safari | 2025-08-01 | N/A | 6.1 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2025-43230 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-08-01 | N/A | 4.0 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. An app may be able to access user-sensitive data. | |||||
| CVE-2025-43232 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2025-43234 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-08-01 | N/A | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination. | |||||
| CVE-2025-43233 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app acting as a HTTPS proxy could get access to sensitive user data. | |||||
| CVE-2025-43235 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause a denial-of-service. | |||||
| CVE-2025-43237 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 9.8 CRITICAL |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-43239 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 7.1 HIGH |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination. | |||||
| CVE-2025-43240 | 1 Apple | 2 Macos, Safari | 2025-08-01 | N/A | 6.2 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated. | |||||
| CVE-2025-43241 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 5.5 MEDIUM |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to read files outside of its sandbox. | |||||
| CVE-2025-43259 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 4.6 MEDIUM |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information. | |||||
| CVE-2025-43260 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 5.1 MEDIUM |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps. | |||||
| CVE-2025-43261 | 1 Apple | 1 Macos | 2025-08-01 | N/A | 9.8 CRITICAL |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox. | |||||
| CVE-2025-43265 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2025-08-01 | N/A | 4.0 MEDIUM |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app. | |||||
| CVE-2025-0150 | 1 Zoom | 2 Meeting Software Development Kit, Workplace | 2025-08-01 | N/A | 7.1 HIGH |
| Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-0330 | 1 Litellm | 1 Litellm | 2025-08-01 | N/A | 7.5 HIGH |
| In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests. | |||||
| CVE-2025-41377 | 2025-08-01 | N/A | N/A | ||
| A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php. | |||||
| CVE-2025-29778 | 1 Kyverno | 1 Kyverno | 2025-08-01 | N/A | 5.8 MEDIUM |
| Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue. | |||||
| CVE-2024-8551 | 1 Modelscope | 1 Agentscope | 2025-08-01 | N/A | 9.1 CRITICAL |
| A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords. | |||||
| CVE-2024-6839 | 1 Flask-cors Project | 1 Flask-cors | 2025-08-01 | N/A | 5.3 MEDIUM |
| corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors. | |||||