Total
306554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43746 | 2025-08-20 | N/A | N/A | ||
| A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace and _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace parameter. | |||||
| CVE-2024-43382 | 1 Snowflake | 1 Snowflake Jdbc | 2025-08-20 | N/A | 5.9 MEDIUM |
| Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. | |||||
| CVE-2024-46891 | 1 Siemens | 1 Sinec Ins | 2025-08-20 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. | |||||
| CVE-2024-46894 | 1 Siemens | 1 Sinec Ins | 2025-08-20 | N/A | 6.3 MEDIUM |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration. | |||||
| CVE-2024-54137 | 1 Openquantumsafe | 1 Liboqs | 2025-08-20 | N/A | 7.4 HIGH |
| liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0. | |||||
| CVE-2025-54655 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.1 HIGH |
| Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module. | |||||
| CVE-2025-54607 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 7.7 HIGH |
| Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54606 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 7.3 HIGH |
| Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | |||||
| CVE-2025-54622 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.3 HIGH |
| Binding authentication bypass vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54627 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 8.8 HIGH |
| Out-of-bounds write vulnerability in the skia module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54618 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 5.7 MEDIUM |
| Permission control vulnerability in the distributed clipboard module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-54623 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 6.3 MEDIUM |
| Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54619 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 5.3 MEDIUM |
| Iterator failure issue in the multi-mode input module. Impact: Successful exploitation of this vulnerability may cause iterator failures and affect availability. | |||||
| CVE-2025-54620 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 5.5 MEDIUM |
| Deserialization vulnerability of untrusted data in the ability module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-0784 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 2.6 LOW | 3.7 LOW |
| A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2025-24791 | 2 Linux, Snowflake | 2 Linux Kernel, Snowflake Connector | 2025-08-20 | N/A | 4.4 MEDIUM |
| snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2. | |||||
| CVE-2025-54624 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 5.7 MEDIUM |
| Unexpected injection event vulnerability in the multimodalinput module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54625 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 6.7 MEDIUM |
| Race condition vulnerability in the kernel file system module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-54631 | 1 Huawei | 1 Harmonyos | 2025-08-20 | N/A | 6.7 MEDIUM |
| Vulnerability of insufficient data length verification in the partition module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-24789 | 2 Microsoft, Snowflake | 2 Windows, Snowflake Jdbc | 2025-08-20 | N/A | 7.8 HIGH |
| Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0. | |||||