Total
10503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8227 | 1 Yanyutao0402 | 1 Chancms | 2025-08-01 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. The patch is named 33d9bb464353015aaaba84e27638ac9a3912795d. It is recommended to upgrade the affected component. | |||||
| CVE-2025-30213 | 1 Frappe | 1 Frappe | 2025-08-01 | N/A | 8.8 HIGH |
| Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an upgrade is required. | |||||
| CVE-2025-43234 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-08-01 | N/A | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination. | |||||
| CVE-2025-43253 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| This issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to launch arbitrary binaries on a trusted device. | |||||
| CVE-2025-31281 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-07-31 | N/A | 9.1 CRITICAL |
| An input validation issue was addressed with improved memory handling. This issue is fixed in visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6. Processing a maliciously crafted file may lead to unexpected app termination. | |||||
| CVE-2025-43195 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 5.5 MEDIUM |
| An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data. | |||||
| CVE-2025-43223 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-07-31 | N/A | 7.5 HIGH |
| A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.7, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, macOS Sonoma 14.7.7, watchOS 11.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6. A non-privileged user may be able to modify restricted network settings. | |||||
| CVE-2011-10008 | 2025-07-31 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user. | |||||
| CVE-2025-30480 | 2025-07-31 | N/A | 6.5 MEDIUM | ||
| Dell PowerProtect Data Manager, versions prior to 19.19, contain(s) an Improper Input Validation vulnerability in PowerProtect Data Manager. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files. | |||||
| CVE-2025-4424 | 2025-07-31 | N/A | 6.0 MEDIUM | ||
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | |||||
| CVE-2025-20154 | 1 Cisco | 3 Ios, Ios Xe, Ios Xr | 2025-07-31 | N/A | 8.6 HIGH |
| A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low CVSS Base Score: 3.7 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | |||||
| CVE-2024-10707 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-31 | N/A | 6.5 MEDIUM |
| gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file and exploiting the improper input validation in the handle_dataset_selection function. | |||||
| CVE-2024-12387 | 1 Binary-husky | 1 Gpt Academic | 2025-07-31 | N/A | 6.5 MEDIUM |
| A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads. | |||||
| CVE-2024-56131 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56132 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56133 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56134 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2024-56135 | 1 Progress | 2 Loadmaster, Multi-tenant Loadmaster | 2025-07-31 | N/A | 8.4 HIGH |
| Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | |||||
| CVE-2022-3075 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-07-30 | N/A | 9.6 CRITICAL |
| Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2025-1041 | 1 Avaya | 1 Call Management System | 2025-07-30 | N/A | 9.9 CRITICAL |
| An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0. | |||||