Total
307513 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-25175 | 1 Siemens | 1 Simcenter Femap | 2025-08-19 | N/A | 7.8 HIGH |
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25443) | |||||
CVE-2023-4458 | 1 Linux | 1 Linux Kernel | 2025-08-19 | N/A | 4.0 MEDIUM |
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | |||||
CVE-2024-45556 | 1 Qualcomm | 120 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 117 more | 2025-08-19 | N/A | 6.5 MEDIUM |
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR. | |||||
CVE-2024-45557 | 1 Qualcomm | 122 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 119 more | 2025-08-19 | N/A | 7.8 HIGH |
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. | |||||
CVE-2023-52927 | 1 Linux | 1 Linux Kernel | 2025-08-19 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenarios, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. | |||||
CVE-2025-21421 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
Memory corruption while processing escape code in API. | |||||
CVE-2025-21423 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call. | |||||
CVE-2025-21425 | 1 Qualcomm | 66 Qam8255p, Qam8255p Firmware, Qam8295p and 63 more | 2025-08-19 | N/A | 7.3 HIGH |
Memory corruption may occur due to improper access control in HAB process. | |||||
CVE-2025-21431 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | N/A | 5.5 MEDIUM |
Information disclosure may occur when a guest VM is connected. | |||||
CVE-2025-21442 | 1 Qualcomm | 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more | 2025-08-19 | N/A | 7.8 HIGH |
Memory corruption while transmitting packet mapping information with invalid header payload size. | |||||
CVE-2025-21443 | 1 Qualcomm | 72 Qam8255p, Qam8255p Firmware, Qam8295p and 69 more | 2025-08-19 | N/A | 7.8 HIGH |
Memory corruption while processing message content in eAVB. | |||||
CVE-2024-49825 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-08-19 | N/A | 6.3 MEDIUM |
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system. | |||||
CVE-2024-22314 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-08-19 | N/A | 5.9 MEDIUM |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
CVE-2020-10650 | 4 Debian, Fasterxml, Netapp and 1 more | 5 Debian Linux, Jackson-databind, Active Iq Unified Manager and 2 more | 2025-08-19 | N/A | 8.1 HIGH |
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider. | |||||
CVE-2022-21661 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2025-08-19 | 5.0 MEDIUM | 8.0 HIGH |
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions, going back to 3.7.37, are also fixed via security releases. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability. | |||||
CVE-2025-6230 | 1 Lenovo | 2 Commercial Vantage, Vantage | 2025-08-19 | N/A | 5.3 MEDIUM |
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands. | |||||
CVE-2025-7848 | 1 Ni | 1 Labview | 2025-08-19 | N/A | 7.8 HIGH |
A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions. | |||||
CVE-2024-8927 | 1 Php | 1 Php | 2025-08-19 | N/A | 7.5 HIGH |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | |||||
CVE-2024-9026 | 1 Php | 1 Php | 2025-08-19 | N/A | 3.3 LOW |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. | |||||
CVE-2024-8926 | 1 Php | 1 Php | 2025-08-19 | N/A | 8.1 HIGH |
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. |