Total
305836 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43982 | 2025-08-14 | N/A | 9.8 CRITICAL | ||
| Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. | |||||
| CVE-2024-39690 | 1 Projectcapsule | 1 Capsule | 2025-08-14 | N/A | 8.4 HIGH |
| Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch. | |||||
| CVE-2012-10055 | 2025-08-14 | N/A | N/A | ||
| ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations. | |||||
| CVE-2025-47479 | 1 Wpcompress | 1 Wp Compress | 2025-08-14 | N/A | 5.3 MEDIUM |
| Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30. | |||||
| CVE-2025-7066 | 1 Jirafeau | 1 Jirafeau | 2025-08-14 | N/A | 6.1 MEDIUM |
| Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and an other MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would takes precedence, allowing a possible attacker to do a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma. | |||||
| CVE-2025-6663 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-14 | N/A | 7.8 HIGH |
| GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381. | |||||
| CVE-2025-6810 | 1 Mescius | 1 Activereports.net | 2025-08-14 | N/A | 9.8 CRITICAL |
| Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the ReadValue method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25246. | |||||
| CVE-2020-25559 | 1 Gnuplot | 1 Gnuplot | 2025-08-14 | 6.8 MEDIUM | 7.8 HIGH |
| gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | |||||
| CVE-2020-25969 | 1 Gnuplot | 1 Gnuplot | 2025-08-14 | N/A | 9.8 CRITICAL |
| gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). | |||||
| CVE-2017-9670 | 1 Gnuplot | 1 Gnuplot | 2025-08-14 | 6.8 MEDIUM | 7.8 HIGH |
| An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. | |||||
| CVE-2025-6811 | 1 Mescius | 1 Activereports.net | 2025-08-14 | N/A | 9.8 CRITICAL |
| Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the TypeResolutionService class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25397. | |||||
| CVE-2025-50946 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go. | |||||
| CVE-2025-23298 | 2025-08-14 | N/A | 7.8 HIGH | ||
| NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-23306 | 2025-08-14 | N/A | 7.8 HIGH | ||
| NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2025-45314 | 2025-08-14 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function. | |||||
| CVE-2025-45315 | 2025-08-14 | N/A | 5.4 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter. | |||||
| CVE-2024-5477 | 2025-08-14 | N/A | N/A | ||
| A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability. | |||||
| CVE-2025-23304 | 2025-08-14 | N/A | 7.8 HIGH | ||
| NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | |||||
| CVE-2025-23303 | 2025-08-14 | N/A | 7.8 HIGH | ||
| NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
| CVE-2025-23295 | 2025-08-14 | N/A | 7.8 HIGH | ||
| NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | |||||