Total
306523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46824 | 2025-08-20 | N/A | 3.1 LOW | ||
| The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin. As a workaround, one may disable the plugin. | |||||
| CVE-2025-43757 | 2025-08-20 | N/A | N/A | ||
| A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter. | |||||
| CVE-2025-24975 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf. | |||||
| CVE-2025-8019 | 1 Szlbt | 2 Lbt-t300-t310, Lbt-t300-t310 Firmware | 2025-08-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46198 | 1 Getgrav | 1 Grav | 2025-08-20 | N/A | 8.8 HIGH |
| Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element | |||||
| CVE-2025-21440 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 95 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | |||||
| CVE-2025-26063 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-08-20 | N/A | 9.8 CRITICAL |
| An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network. | |||||
| CVE-2025-26064 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-08-20 | N/A | 7.3 HIGH |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device. | |||||
| CVE-2025-7204 | 1 Connectwise | 1 Professional Service Automation | 2025-08-20 | N/A | 6.5 MEDIUM |
| In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users could then retrieve these hashes. An attacker or privileged user could then use these exposed hashes to conduct offline brute-force or dictionary attacks. Such attacks could lead to credential compromise, allowing unauthorized access to accounts, and potentially privilege escalation within the system. | |||||
| CVE-2024-56468 | 1 Ibm | 1 Infosphere Data Replication | 2025-08-20 | N/A | 7.5 HIGH |
| IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. | |||||
| CVE-2025-27073 | 1 Qualcomm | 340 Ar8035, Ar8035 Firmware, Csr8811 and 337 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while creating NDP instance. | |||||
| CVE-2025-27065 | 1 Qualcomm | 300 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 297 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing a frame with malformed shared-key descriptor. | |||||
| CVE-2025-21477 | 1 Qualcomm | 178 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 175 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing CCCH data when NW sends data with invalid length. | |||||
| CVE-2025-21456 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, C-v2x 9150 and 125 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. | |||||
| CVE-2025-54608 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 6.2 MEDIUM |
| Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. | |||||
| CVE-2025-21455 | 1 Qualcomm | 58 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while submitting blob data to kernel space though IOCTL. | |||||
| CVE-2024-32006 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-20 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. | |||||
| CVE-2024-38365 | 1 Btcd Project | 1 Btcd | 2025-08-20 | N/A | 7.4 HIGH |
| btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = "<data> <data||foo>"` and `dataToRemove = "data"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2025-21452 | 1 Qualcomm | 160 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 157 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network. | |||||
| CVE-2025-9240 | 2025-08-20 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | |||||