Total
309418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37894 | 1 Squid-cache | 1 Squid | 2025-08-26 | N/A | 6.3 MEDIUM |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. | |||||
| CVE-2023-48733 | 3 Canonical, Debian, Tianocore | 3 Lxd, Debian Linux, Edk2 | 2025-08-26 | N/A | 6.7 MEDIUM |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. | |||||
| CVE-2023-49721 | 2 Canonical, Tianocore | 2 Lxd, Edk2 | 2025-08-26 | N/A | 6.7 MEDIUM |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | |||||
| CVE-2023-7207 | 1 Gnu | 1 Cpio | 2025-08-26 | N/A | 4.9 MEDIUM |
| Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames. | |||||
| CVE-2024-2314 | 2 Iovisor, Linux | 2 Bpf Compiler Collection, Linux Kernel | 2025-08-26 | N/A | 2.8 LOW |
| If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | |||||
| CVE-2024-28242 | 1 Discourse | 1 Discourse | 2025-08-26 | N/A | 5.3 MEDIUM |
| Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds. | |||||
| CVE-2024-29199 | 1 Networktocode | 1 Nautobot | 2025-08-26 | N/A | 3.7 LOW |
| Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9. | |||||
| CVE-2024-3250 | 1 Canonical | 1 Pebble | 2025-08-26 | N/A | 6.5 MEDIUM |
| It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4. | |||||
| CVE-2024-2312 | 2 Gnu, Netapp | 3 Grub2, Bootstrap Os, Hci Compute Node | 2025-08-26 | N/A | 6.7 MEDIUM |
| GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass. | |||||
| CVE-2025-31124 | 1 Zitadel | 1 Zitadel | 2025-08-26 | N/A | 5.3 MEDIUM |
| Zitadel is open-source identity infrastructure software. ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". While the setting was correctly respected during the login flow, the user's username was normalized leading to a disclosure of the user's existence. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9. | |||||
| CVE-2024-12199 | 1 Autodesk | 1 Navisworks | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-11608 | 1 Autodesk | 1 Revit | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-11454 | 1 Autodesk | 1 Revit | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized. | |||||
| CVE-2024-11422 | 1 Autodesk | 1 Navisworks | 2025-08-26 | N/A | 7.8 HIGH |
| A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-27507 | 1 Zitadel | 1 Zitadel | 2025-08-26 | N/A | 9.0 CRITICAL |
| The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP configurations. Customers who do not utilize LDAP for authentication are not at risk from the most severe aspects of this vulnerability. However, upgrading to the patched version to address all identified issues is strongly recommended. This vulnerability is fixed in 2.71.0, 2.70.1, ,2.69.4, 2.68.4, 2.67.8, 2.66.11, 2.65.6, 2.64.5, and 2.63.8. | |||||
| CVE-2024-41147 | 1 Mackron | 1 Miniaudio | 2025-08-26 | N/A | 7.7 HIGH |
| An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2025-27515 | 1 Laravel | 1 Framework | 2025-08-26 | N/A | 9.8 CRITICAL |
| Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*`), a user-crafted malicious request could potentially bypass the validation rules. This vulnerability is fixed in 11.44.1 and 12.1.1. | |||||
| CVE-2022-1804 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2025-08-26 | N/A | 5.5 MEDIUM |
| accountsservice no longer drops permissions when writting .pam_environment | |||||
| CVE-2023-0881 | 1 Canonical | 1 Linux-bluefield | 2025-08-26 | N/A | 7.5 HIGH |
| Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package. | |||||
| CVE-2025-31123 | 1 Zitadel | 1 Zitadel | 2025-08-26 | N/A | 8.7 HIGH |
| Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9. | |||||