Total
3695 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49591 | 1 Xwiki | 1 Cryptpad | 2025-08-11 | N/A | 9.1 CRITICAL |
| CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0. | |||||
| CVE-2023-33070 | 1 Qualcomm | 204 Apq5053-aa, Apq5053-aa Firmware, Aqt1000 and 201 more | 2025-08-11 | N/A | 7.1 HIGH |
| Transient DOS in Automotive OS due to improper authentication to the secure IO calls. | |||||
| CVE-2025-21450 | 1 Qualcomm | 216 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 213 more | 2025-08-11 | N/A | 9.1 CRITICAL |
| Cryptographic issue occurs due to use of insecure connection method while downloading. | |||||
| CVE-2023-24852 | 1 Qualcomm | 542 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 539 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory Corruption in Core due to secure memory access by user while loading modem image. | |||||
| CVE-2023-43551 | 1 Qualcomm | 482 205 Mobile, 205 Mobile Firmware, 215 Mobile and 479 more | 2025-08-11 | N/A | 9.1 CRITICAL |
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | |||||
| CVE-2024-38426 | 1 Qualcomm | 328 205, 205 Firmware, 215 and 325 more | 2025-08-11 | N/A | 5.4 MEDIUM |
| While processing the authentication message in UE, improper authentication may lead to information disclosure. | |||||
| CVE-2023-33054 | 1 Qualcomm | 336 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 333 more | 2025-08-11 | N/A | 9.1 CRITICAL |
| Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. | |||||
| CVE-2024-6248 | 1 Wyze | 2 Cam V3, Cam V3 Firmware | 2025-08-08 | N/A | 7.5 HIGH |
| Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393. | |||||
| CVE-2024-1039 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2025-08-07 | N/A | 9.8 CRITICAL |
| Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. | |||||
| CVE-2025-53786 | 2025-08-06 | N/A | 8.0 HIGH | ||
| On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment. | |||||
| CVE-2025-8546 | 2025-08-05 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-0217 | 1 Beyondtrust | 1 Privileged Remote Access | 2025-08-01 | N/A | 7.8 HIGH |
| BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions. | |||||
| CVE-2024-6576 | 1 Progress | 1 Moveit Transfer | 2025-08-01 | N/A | 7.3 HIGH |
| Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. | |||||
| CVE-2025-30214 | 1 Frappe | 1 Frappe | 2025-08-01 | N/A | 7.5 HIGH |
| Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading. | |||||
| CVE-2024-10114 | 1 Wpwebelite | 1 Woocommerce Social Login | 2025-08-01 | N/A | 8.1 HIGH |
| The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.7.7. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | |||||
| CVE-2025-54573 | 2025-07-31 | N/A | 4.3 MEDIUM | ||
| CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified users. Additionally, the missing email verification check leaves the system open to bot signups and further usage. CVAT 2.42.0 and later versions contain a fix for the issue. CVAT Enterprise customers have a workaround available; those customers may disable registration to prevent this issue. | |||||
| CVE-2025-8348 | 2025-07-31 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2017-12337 | 1 Cisco | 11 Emergency Responder, Finesse, Hosted Collaboration Solution and 8 more | 2025-07-31 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797. | |||||
| CVE-2025-49706 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-30 | N/A | 6.5 MEDIUM |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2024-30939 | 1 Yealink | 1 Vp59 Firmware | 2025-07-30 | N/A | 6.8 MEDIUM |
| An issue discovered in Yealink VP59 Teams Editions with firmware version 91.15.0.118 allows a physically proximate attacker to gain control of an account via a flaw in the factory reset procedure. | |||||