Total
10571 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50494 | 1 Phpgurukul | 1 Car Washing Management System | 2025-07-29 | N/A | 7.5 HIGH |
| Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-50493 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-07-29 | N/A | 7.5 HIGH |
| Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. | |||||
| CVE-2025-50490 | 1 Phpgurukul | 1 Student Result Management System | 2025-07-29 | N/A | 7.5 HIGH |
| Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. | |||||
| CVE-2024-42516 | 1 Apache | 1 Http Server | 2025-07-29 | N/A | 7.5 HIGH |
| HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server can split the HTTP response. This vulnerability was described as CVE-2023-38709 but the patch included in Apache HTTP Server 2.4.59 did not address the issue. Users are recommended to upgrade to version 2.4.64, which fixes this issue. | |||||
| CVE-2025-50151 | 1 Apache | 1 Jena | 2025-07-29 | N/A | 8.8 HIGH |
| File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload. | |||||
| CVE-2014-125114 | 2025-07-29 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash. | |||||
| CVE-2025-8097 | 2025-07-29 | N/A | 5.3 MEDIUM | ||
| The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unauthenticated attackers to manipulate cart quantities using fractional values, allowing them to obtain products for free by setting extremely small quantities (e.g., 0.00001) that round cart totals to $0.00, effectively bypassing payment requirements and allowing unauthorized acquisition of virtual or downloadable products. | |||||
| CVE-2014-125119 | 2025-07-29 | N/A | N/A | ||
| A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution. | |||||
| CVE-2024-52880 | 1 Insyde | 1 Kernel | 2025-07-29 | N/A | 7.9 HIGH |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted. | |||||
| CVE-2021-41561 | 1 Apache | 1 Parquet Java | 2025-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in Parquet-MR of Apache Parquet allows an attacker to DoS by malicious Parquet files. This issue affects Apache Parquet-MR version 1.9.0 and later versions. | |||||
| CVE-2019-11687 | 1 Nema | 1 Dicom Standard | 2025-07-24 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems, including Portable Executable (PE) files for Windows and Executable and Linkable Format (ELF) files for Linux-based systems. This space is left unspecified so that dual-purpose files can be created. For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging applications in medicine. This design flaw enables system-wide compromise as malicious DICOM files are routinely shared between medical devices and hospital systems and transported via removable media for patient care coordination. To exploit this vulnerability, someone must execute the maliciously crafted file. These files can be executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. DICOM files exist on systems that process protected health information, and successful exploitation could result in violations of regulatory compliance requirements such as HIPAA and FDA postmarket obligations. | |||||
| CVE-2022-3388 | 1 Hitachienergy | 2 Microscada Pro Sys600, Microscada X Sys600 | 2025-07-23 | N/A | 8.8 HIGH |
| An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role. | |||||
| CVE-2023-20182 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | N/A | 5.4 MEDIUM |
| Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2019-1841 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected. | |||||
| CVE-2025-6558 | 1 Google | 1 Chrome | 2025-07-23 | N/A | 8.8 HIGH |
| Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2025-6585 | 2025-07-22 | N/A | 8.1 HIGH | ||
| The WP JobHunt plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.2 via the cs_remove_profile_callback() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete accounts of other users including admins. | |||||
| CVE-2025-20227 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-07-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure. | |||||
| CVE-2025-53652 | 1 Jenkins | 1 Git Parameter | 2025-07-18 | N/A | 8.2 HIGH |
| Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters. | |||||
| CVE-2025-44526 | 1 Realtek | 2 Rtl8762e Software Development Kit, Rtl8762ekf-evb | 2025-07-18 | N/A | 6.5 MEDIUM |
| Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet. | |||||
| CVE-2025-49719 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-07-17 | N/A | 7.5 HIGH |
| Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. | |||||