Total
309068 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-21546 | | | 2025-08-26 | N/A | 9.8 CRITICAL |
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code. | |||||
CVE-2024-20853 | | | 2025-08-26 | N/A | 5.1 MEDIUM |
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore. | |||||
CVE-2024-20345 | 1 Cisco | 1 Appdynamics Controller | 2025-08-26 | N/A | 6.5 MEDIUM |
A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. | |||||
CVE-2024-20332 | 1 Cisco | 1 Identity Services Engine | 2025-08-26 | N/A | 5.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials. | |||||
CVE-2024-20312 | 1 Cisco | 2 Ios, Ios Xe | 2025-08-26 | N/A | 7.4 HIGH |
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency. | |||||
CVE-2024-1714 | 1 Sailpoint | 1 Identityiq | 2025-08-26 | N/A | 7.1 HIGH |
An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request. | |||||
CVE-2024-1587 | 1 Blazethemes | 1 Newsmatic | 2025-08-26 | N/A | 5.3 MEDIUM |
The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content. | |||||
CVE-2024-13129 | | | 2025-08-26 | 9.0 HIGH | 8.8 HIGH |
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component. | |||||
CVE-2024-12569 | | | 2025-08-26 | N/A | 7.8 HIGH |
Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | |||||
CVE-2025-26467 | 1 Apache | 1 Cassandra | 2025-08-26 | N/A | 8.8 HIGH |
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015. | |||||
CVE-2025-46411 | 1 Libbiosig Project | 1 Libbiosig | 2025-08-26 | N/A | 8.1 HIGH |
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2025-48005 | 1 Libbiosig Project | 1 Libbiosig | 2025-08-26 | N/A | 9.8 CRITICAL |
A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2025-52461 | 1 Libbiosig Project | 1 Libbiosig | 2025-08-26 | N/A | 8.2 HIGH |
An out-of-bounds read vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2025-29420 | 1 Perfree | 1 Perfreeblog | 2025-08-26 | N/A | 7.5 HIGH |
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. | |||||
CVE-2025-29421 | 1 Perfree | 1 Perfreeblog | 2025-08-26 | N/A | 7.5 HIGH |
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. | |||||
CVE-2025-7715 | 1 Block Attributes Project | 1 Block Attributes | 2025-08-26 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Block Attributes allows Cross-Site Scripting (XSS). This issue affects Block Attributes: from 0.0.0 before 1.1.0, from 2.0.0 before 2.0.1. | |||||
CVE-2025-7716 | 1 Real-time Seo Project | 1 Real-time Seo | 2025-08-26 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS). This issue affects Real-time SEO for Drupal: from 2.0.0 before 2.2.0. | |||||
CVE-2025-7717 | 1 File Download Project | 1 File Download | 2025-08-26 | N/A | 7.5 HIGH |
Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1. | |||||
CVE-2024-6174 | 1 Canonical | 1 Cloud-init | 2025-08-26 | N/A | 8.8 HIGH |
When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. | |||||
CVE-2025-2337 | 1 Matio Project | 1 Matio | 2025-08-26 | 7.5 HIGH | 6.3 MEDIUM |
A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |