Total
10571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27493 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-08-22 | N/A | 8.2 HIGH |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2025-27494 | 1 Siemens | 4 Sipass Integrated Ac5102 \(acc-g2\), Sipass Integrated Ac5102 \(acc-g2\) Firmware, Sipass Integrated Acc-ap and 1 more | 2025-08-22 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. | |||||
| CVE-2022-1242 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-22 | N/A | 7.8 HIGH |
| Apport can be tricked into connecting to arbitrary sockets as the root user | |||||
| CVE-2025-27151 | 1 Redis | 1 Redis | 2025-08-21 | N/A | 4.7 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | |||||
| CVE-2025-8708 | 1 Antabot | 1 White-jotter | 2025-08-21 | 4.6 MEDIUM | 5.0 MEDIUM |
| A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration. The manipulation with the input EVANNIGHTLY_WAOU leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1113 | 1 Taisan | 1 Tarzan-cms | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-40593 | 1 Siemens | 1 Simatic Cn 4100 | 2025-08-21 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition. | |||||
| CVE-2025-25005 | 1 Microsoft | 1 Exchange Server | 2025-08-21 | N/A | 6.5 MEDIUM |
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | |||||
| CVE-2025-40746 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2025-08-20 | N/A | 9.1 CRITICAL |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V3.2). Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges. | |||||
| CVE-2025-21477 | 1 Qualcomm | 178 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 175 more | 2025-08-20 | N/A | 7.5 HIGH |
| Transient DOS while processing CCCH data when NW sends data with invalid length. | |||||
| CVE-2024-55567 | 1 Insyde | 1 Insydeh2o | 2025-08-20 | N/A | 7.5 HIGH |
| Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | |||||
| CVE-2024-27241 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Workplace and 2 more | 2025-08-20 | N/A | 5.3 MEDIUM |
| Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-5497 | 1 Phpwcms | 1 Phpwcms | 2025-08-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Upgrading to version 1.9.46 and 1.10.9 is sufficient to resolve this issue. The patch is named 41a72eca0baa9d9d0214fec97db2400bc082d2a9. It is recommended to upgrade the affected component. | |||||
| CVE-2024-45422 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-08-19 | N/A | 6.5 MEDIUM |
| Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-6625 | 2025-08-18 | N/A | 7.5 HIGH | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. | |||||
| CVE-2025-7693 | 2025-08-18 | N/A | N/A | ||
| A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED state and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF015. To recover, clear the fault. | |||||
| CVE-2025-9060 | 2025-08-18 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above. | |||||
| CVE-2025-52620 | 2025-08-18 | N/A | 4.3 MEDIUM | ||
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | |||||
| CVE-2024-20495 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2025-08-15 | N/A | 8.6 HIGH |
| A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | N/A | 6.5 MEDIUM |
| Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | |||||