Total
308605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2255 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 8.7 HIGH |
| An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. | |||||
| CVE-2025-2867 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 4.4 MEDIUM |
| An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. | |||||
| CVE-2024-10307 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. | |||||
| CVE-2013-3893 | 1 Microsoft | 1 Internet Explorer | 2025-08-13 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll. | |||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2025-08-13 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | |||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-08-13 | N/A | 5.2 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | |||||
| CVE-2025-3149 | 1 Itning | 1 Student-homework-management-system | 2025-08-13 | 3.3 LOW | 2.4 LOW |
| A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-3150 | 1 Itning | 1 Student-homework-management-system | 2025-08-13 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Multiple endpoints might be affected. | |||||
| CVE-2025-2987 | 1 Ibm | 1 Maximo Asset Management | 2025-08-13 | N/A | 3.8 LOW |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2025-2986 | 1 Ibm | 1 Maximo Asset Management | 2025-08-13 | N/A | 5.5 MEDIUM |
| IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-1095 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Personal Communications, Linux Kernel and 1 more | 2025-08-13 | N/A | 8.8 HIGH |
| IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | |||||
| CVE-2024-56341 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2025-08-13 | N/A | 5.4 MEDIUM |
| IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-49338 | 3 Ibm, Linux, Microsoft | 4 Aix, App Connect Enterprise, Linux Kernel and 1 more | 2025-08-13 | N/A | 4.4 MEDIUM |
| IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. | |||||
| CVE-2024-9167 | 1 Ivanti | 1 Velocity License Server | 2025-08-13 | N/A | 7.8 HIGH |
| Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | |||||
| CVE-2024-4405 | 1 Mi | 2 Xiaomi 13 Pro, Xiaomi 13 Pro Firmware | 2025-08-13 | N/A | 9.6 CRITICAL |
| Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the manual-upgrade.html file. When parsing the manualUpgradeInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22379. | |||||
| CVE-2024-4406 | 1 Mi | 2 Xiaomi 13 Pro, Xiaomi 13 Pro Firmware | 2025-08-13 | N/A | 9.6 CRITICAL |
| Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332. | |||||
| CVE-2023-27334 | 1 Softing | 4 Edgeaggregator, Edgeconnector, Opc Ua C\+\+ Software Development Kit and 1 more | 2025-08-13 | N/A | 7.5 HIGH |
| Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498. | |||||
| CVE-2023-27335 | 1 Softing | 2 Edgeaggregator, Secure Integration Server | 2025-08-13 | N/A | 9.6 CRITICAL |
| Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the input parameters provided to the edgeAggregetor client. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20504. | |||||
| CVE-2023-27336 | 1 Softing | 3 Edgeaggregator, Edgeconnector, Secure Integration Server | 2025-08-13 | N/A | 7.5 HIGH |
| Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC client certificates. The issue results from dereferencing a NULL pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20508. | |||||
| CVE-2023-27347 | 1 Gdata-software | 1 Total Security | 2025-08-13 | N/A | 7.8 HIGH |
| G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18749. | |||||