Total
305847 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5942 | 2025-08-14 | N/A | N/A | ||
| Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine. | |||||
| CVE-2025-55199 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero. | |||||
| CVE-2025-54698 | 2025-08-14 | N/A | 5.4 MEDIUM | ||
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0. | |||||
| CVE-2025-54681 | 2025-08-14 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Phishing. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. | |||||
| CVE-2025-54692 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.9.0. | |||||
| CVE-2025-54688 | 2025-08-14 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine allows Stored XSS. This issue affects JetEngine: from n/a through 3.7.1.2. | |||||
| CVE-2025-54682 | 2025-08-14 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets allows Cross Site Request Forgery. This issue affects Connector for Gravity Forms and Google Sheets: from n/a through 1.2.4. | |||||
| CVE-2012-10056 | 2025-08-14 | N/A | N/A | ||
| PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. Because this directory is publicly accessible and lacks execution controls, attackers can upload a malicious PHP payload and execute it remotely. The application ships with default credentials, making exploitation trivial. Once authenticated, the attacker can upload a PHP shell and trigger it via a direct GET request. | |||||
| CVE-2025-54705 | 2025-08-14 | N/A | 4.3 MEDIUM | ||
| Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6. | |||||
| CVE-2025-52728 | 2025-08-14 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0. | |||||
| CVE-2025-30626 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Multimedia Playlist Slider Addon for WPBakery Page Builder allows Reflected XSS. This issue affects Multimedia Playlist Slider Addon for WPBakery Page Builder: from n/a through 2.1. | |||||
| CVE-2025-39510 | 2025-08-14 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin allows SQL Injection. This issue affects Pinterest Automatic Pin: from n/a through n/a. | |||||
| CVE-2025-52720 | 2025-08-14 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 7.5. | |||||
| CVE-2025-31007 | 2025-08-14 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alvind Billplz Addon for Contact Form 7 allows Reflected XSS. This issue affects Billplz Addon for Contact Form 7: from n/a through 1.2.0. | |||||
| CVE-2025-6021 | 2025-08-14 | N/A | 7.5 HIGH | ||
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | |||||
| CVE-2025-8197 | 2025-08-14 | N/A | N/A | ||
| Rejected reason: Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issues/465 | |||||
| CVE-2024-56469 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 6.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.22, 7.2 through 7.2.3.15, and 7.3 through 7.3.2.10 / IBM DevOps Deploy 8.0 through 8.0.1.5 and 8.1 through 8.1.0.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | |||||
| CVE-2024-52890 | 1 Ibm | 1 Engineering Lifecycle Optimization | 2025-08-14 | N/A | 6.1 MEDIUM |
| IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs. | |||||
| CVE-2023-38012 | 1 Ibm | 1 Cloud Pak System | 2025-08-14 | N/A | 5.3 MEDIUM |
| IBM Cloud Pak System 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2025-1838 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service. | |||||