Total
306554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24975 | 2025-08-20 | N/A | 7.1 HIGH | ||
| Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf. | |||||
| CVE-2025-8019 | 1 Szlbt | 2 Lbt-t300-t310, Lbt-t300-t310 Firmware | 2025-08-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46198 | 1 Getgrav | 1 Grav | 2025-08-20 | N/A | 8.8 HIGH |
| Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element | |||||
| CVE-2025-21440 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 95 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | |||||
| CVE-2025-26063 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-08-20 | N/A | 9.8 CRITICAL |
| An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network. | |||||
| CVE-2025-26064 | 1 Intelbras | 4 Rx 1500, Rx 1500 Firmware, Rx 3000 and 1 more | 2025-08-20 | N/A | 7.3 HIGH |
| A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device. | |||||
| CVE-2025-7204 | 1 Connectwise | 1 Professional Service Automation | 2025-08-20 | N/A | 6.5 MEDIUM |
| In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users could then retrieve these hashes. An attacker or privileged user could then use these exposed hashes to conduct offline brute-force or dictionary attacks. Such attacks could lead to credential compromise, allowing unauthorized access to accounts, and potentially privilege escalation within the system. | |||||
| CVE-2024-56468 | 1 Ibm | 1 Infosphere Data Replication | 2025-08-20 | N/A | 7.5 HIGH |
| IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. | |||||
| CVE-2025-27073 | 1 Qualcomm | 340 Ar8035, Ar8035 Firmware, Csr8811 and 337 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while creating NDP instance. | |||||
| CVE-2025-27065 | 1 Qualcomm | 300 Ar8035, Ar8035 Firmware, Fastconnect 6800 and 297 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing a frame with malformed shared-key descriptor. | |||||
| CVE-2025-21477 | 1 Qualcomm | 178 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 175 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing CCCH data when NW sends data with invalid length. | |||||
| CVE-2025-21456 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, C-v2x 9150 and 125 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently. | |||||
| CVE-2025-54608 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 6.2 MEDIUM |
| Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. | |||||
| CVE-2025-21455 | 1 Qualcomm | 58 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 55 more | 2025-08-20 | N/A | 7.8 HIGH |
| Memory corruption while submitting blob data to kernel space though IOCTL. | |||||
| CVE-2024-32006 | 1 Siemens | 1 Sinema Remote Connect Client | 2025-08-20 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. | |||||
| CVE-2024-38365 | 1 Btcd Project | 1 Btcd | 2025-08-20 | N/A | 7.4 HIGH |
| btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference in behavior with the other Bitcoin clients can lead to btcd clients accepting an invalid Bitcoin block (or rejecting a valid one). This consensus failure can be leveraged to cause a chain split (accepting an invalid Bitcoin block) or be exploited to DoS the btcd nodes (rejecting a valid Bitcoin block). An attacker can create a standard transaction where FindAndDelete doesn't return a match but removeOpCodeByData does making btcd get a different sighash, leading to a chain split. Importantly, this vulnerability can be exploited remotely by any Bitcoin user and does not require any hash power. This is because the difference in behavior can be triggered by a "standard" Bitcoin transaction, that is a transaction which gets relayed through the P2P network before it gets included in a Bitcoin block. `removeOpcodeByData(script []byte, dataToRemove []byte)` removes any data pushes from `script` that contain `dataToRemove`. However, `FindAndDelete` only removes exact matches. So for example, with `script = "<data> <data||foo>"` and `dataToRemove = "data"` btcd will remove both data pushes but Bitcoin Core's `FindAndDelete` only removes the first `<data>` push. This has been patched in btcd version v0.24.2. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2025-21452 | 1 Qualcomm | 160 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 157 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network. | |||||
| CVE-2025-9240 | 2025-08-20 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-52955 | 2025-08-20 | N/A | 6.5 MEDIUM | ||
| An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. When the logical interface using a routing instance flaps continuously, specific updates are sent to the jflow/sflow modules. This results in memory corruption, leading to an rpd crash and restart. Continued receipt of these specific updates will cause a sustained Denial of Service condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * All versions of 21.4, * All versions of 22.2, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2. Junos OS Evolved: * All versions of 21.2-EVO, * All versions of 21.4-EVO, * All versions of 22.2-EVO, * from 22.4 before 22.4R3-S7-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO. | |||||
| CVE-2025-51543 | 2025-08-20 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint. | |||||