Total
307382 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4286 | 1 Intelbras | 1 Incontrol Web | 2025-08-20 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. | |||||
| CVE-2025-1992 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-20 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | |||||
| CVE-2025-7342 | 2025-08-20 | N/A | 7.5 HIGH | ||
| A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the Windows image build process when using the Nutanix or VMware OVA providers. These credentials, which allow root access, are disabled at the conclusion of the build. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project and the vulnerability was exploited during the build process, which requires an attacker to access the build VM and modify the image while the build is in progress. | |||||
| CVE-2025-20134 | 2025-08-19 | N/A | 8.6 HIGH | ||
| A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT) rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2024-52896 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-08-19 | N/A | 6.2 MEDIUM |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | |||||
| CVE-2024-52897 | 3 Ibm, Linux, Microsoft | 4 Linux On Ibm Z, Mq, Linux Kernel and 1 more | 2025-08-19 | N/A | 6.2 MEDIUM |
| IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | |||||
| CVE-2024-3651 | 1 Kjd | 1 Internationalized Domain Names In Applications | 2025-08-19 | N/A | 7.5 HIGH |
| A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size. | |||||
| CVE-2024-58087 | 1 Linux | 1 Linux Kernel | 2025-08-19 | N/A | 8.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire. | |||||
| CVE-2025-46785 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2025-08-19 | N/A | 6.5 MEDIUM |
| Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-2900 | 1 Ibm | 1 Semeru Runtime | 2025-08-19 | N/A | 7.5 HIGH |
| IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation. | |||||
| CVE-2025-38745 | 1 Dell | 1 Openmanage Enterprise | 2025-08-19 | N/A | 4.8 MEDIUM |
| Dell OpenManage Enterprise, versions 3.10, 4.0, 4.1, and 4.2, contains an Insertion of Sensitive Information into Log File vulnerability in the Backup and Restore. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | |||||
| CVE-2025-54409 | 1 Advanced Intrusion Detection Environment Project | 1 Advanced Intrusion Detection Environment | 2025-08-19 | N/A | 6.2 MEDIUM |
| AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a key containing a comma. A local user might exploit this to cause a local denial of service. This issue has been patched in version 0.19.2. A workaround involves removing xattrs group from rules matching files on affected file systems. | |||||
| CVE-2025-54389 | 1 Advanced Intrusion Detection Environment Project | 1 Advanced Intrusion Detection Environment | 2025-08-19 | N/A | 6.2 MEDIUM |
| AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamper with the log output. A local user might exploit this to bypass the AIDE detection of malicious files. Additionally the output of extended attribute key names and symbolic links targets are also not properly neutralized. This issue has been patched in version 0.19.2. A workaround involves configuring AIDE to write the report output to a regular file, redirecting stdout to a regular file, or redirecting the log output written to stderr to a regular file. | |||||
| CVE-2025-8964 | 1 Fabian | 1 Hostel Management System | 2025-08-19 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8962 | 1 Fabian | 1 Hostel Management System | 2025-08-19 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-23084 | 2 Microsoft, Nodejs | 2 Windows, Node.js | 2025-08-19 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API. | |||||
| CVE-2025-8940 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this vulnerability is the function strcpy of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8939 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-08-19 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/WifiGuestSet. The manipulation of the argument shareSpeed leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-55153 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: This CVE is a duplicate of another CVE. | |||||
| CVE-2025-6297 | 1 Debian | 1 Dpkg | 2025-08-19 | N/A | 8.2 HIGH |
| It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. | |||||