Total
308576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24004 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | N/A | 5.2 MEDIUM |
| A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog. | |||||
| CVE-2025-24005 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | N/A | 7.8 HIGH |
| A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. | |||||
| CVE-2025-24006 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | N/A | 7.8 HIGH |
| A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. | |||||
| CVE-2024-58114 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 4.0 MEDIUM |
| Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2020-9250 | 1 Huawei | 2 Mate 20 Pro, Mate 20 Pro Firmware | 2025-07-11 | N/A | 3.3 LOW |
| There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250. | |||||
| CVE-2025-5125 | 1 Howardehrenberg | 1 Custom Post Carousels With Owl | 2025-07-11 | N/A | 4.8 MEDIUM |
| The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it. | |||||
| CVE-2022-32144 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-07-11 | N/A | 8.6 HIGH |
| There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | |||||
| CVE-2025-48700 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-07-11 | N/A | 6.1 MEDIUM |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction. | |||||
| CVE-2025-5488 | 1 Kaushik07 | 1 Wp Masonry \& Infinite Scroll | 2025-07-11 | N/A | 6.4 MEDIUM |
| The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48906 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.8 HIGH |
| Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-5540 | 1 Emarketdesign | 1 Event Rsvp And Simple Event Management | 2025-07-11 | N/A | 6.4 MEDIUM |
| The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48905 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.1 HIGH |
| Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | |||||
| CVE-2025-48904 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 4.4 MEDIUM |
| Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48903 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.8 HIGH |
| Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6693 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48902 | 1 Huawei | 2 Emui, Harmonyos | 2025-07-11 | N/A | 6.6 MEDIUM |
| Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-22249 | 1 Vmware | 3 Aria Automation, Cloud Foundation, Telco Cloud Platform | 2025-07-11 | N/A | 8.2 HIGH |
| VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | |||||
| CVE-2025-48911 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.2 HIGH |
| Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48910 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 5.5 MEDIUM |
| Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48909 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.1 HIGH |
| Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||