Total
308605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38386 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-13 | N/A | 5.9 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778. | |||||
| CVE-2023-47727 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-13 | N/A | 4.3 MEDIUM |
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089. | |||||
| CVE-2023-27366 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-13 | N/A | 7.8 HIGH |
| Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20225. | |||||
| CVE-2023-20868 | 1 Broadcom | 1 Vmware Nsx-t Data Center | 2025-08-13 | N/A | 6.1 MEDIUM |
| NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | |||||
| CVE-2020-3993 | 2 Broadcom, Vmware | 2 Vmware Nsx-t Data Center, Cloud Foundation | 2025-08-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. | |||||
| CVE-2021-21981 | 1 Broadcom | 1 Vmware Nsx-t Data Center | 2025-08-13 | 4.6 MEDIUM | 7.8 HIGH |
| VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. | |||||
| CVE-2023-32155 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2025-08-13 | N/A | 7.0 HIGH |
| Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute code on the wifi subsystem in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-20733. | |||||
| CVE-2023-32156 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2025-08-13 | N/A | 8.8 HIGH |
| Tesla Model 3 Gateway Firmware Signature Validation Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to execute privileged code on the Tesla infotainment system in order to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from improper error-handling during the update process. An attacker can leverage this vulnerability to execute code in the context of Tesla's Gateway ECU. . Was ZDI-CAN-20734. | |||||
| CVE-2023-32157 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2025-08-13 | N/A | 7.5 HIGH |
| Tesla Model 3 bsa_server BIP Heap-based Buffer Overflow Arbitrary Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the bsa_server process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of an unprivileged user in a sandboxed process. . Was ZDI-CAN-20737. | |||||
| CVE-2023-34298 | 1 Ivanti | 3 Pulse Secure Desktop Client, Pulse Secure Installer Service, Secure Access Client | 2025-08-13 | N/A | 7.8 HIGH |
| Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within SetupService. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service. Was ZDI-CAN-17687. | |||||
| CVE-2023-42124 | 1 Avast | 1 Premium Security | 2025-08-13 | N/A | 7.8 HIGH |
| Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code outside the sandbox at medium integrity. . Was ZDI-CAN-20178. | |||||
| CVE-2023-42125 | 1 Avast | 1 Premium Security | 2025-08-13 | N/A | 7.8 HIGH |
| Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. By creating a symbolic link, an attacker can abuse the service to create arbitrary namespace objects. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-20383. | |||||
| CVE-2024-7254 | 2 Google, Netapp | 8 Protobuf, Protobuf-java, Protobuf-javalite and 5 more | 2025-08-13 | N/A | 7.5 HIGH |
| Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | |||||
| CVE-2025-8731 | 2025-08-13 | 10.0 HIGH | 9.8 CRITICAL | ||
| A vulnerability was identified in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains: "For product TI-PG102i and TI-G160i, by default, the product's remote management options are all disabled. The root account is for troubleshooting purpose and the password is encrypted. However, we will remove the root account from the next firmware release. For product TPL-430AP, the initial setup process requires user to set the password for the management GUI. Once that was done, the default password will be invalid." | |||||
| CVE-2024-7128 | 2025-08-13 | N/A | 5.3 MEDIUM | ||
| A flaw was found in the OpenShift console. Several endpoints in the application use the authHandler() and authHandlerWithUser() middleware functions. When the default authentication provider ("openShiftAuth") is set, these functions do not perform any authentication checks, relying instead on the targeted service to handle authentication and authorization. This issue leads to various degrees of data exposure due to a lack of proper credential verification. | |||||
| CVE-2025-48133 | 1 Uncannyowl | 1 Uncanny Automator | 2025-08-13 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2. | |||||
| CVE-2025-30974 | 1 Addonmaster | 1 Post Grid Master | 2025-08-13 | N/A | 4.3 MEDIUM |
| Missing Authorization vulnerability in Akhtarujjaman Shuvo Post Grid Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Grid Master: from n/a through 3.4.13. | |||||
| CVE-2024-9773 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 3.7 LOW |
| An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI. | |||||
| CVE-2025-0811 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 8.7 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. | |||||
| CVE-2025-2242 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 7.5 HIGH |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. | |||||