Total
308626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48906 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.8 HIGH |
| Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-5540 | 1 Emarketdesign | 1 Event Rsvp And Simple Event Management | 2025-07-11 | N/A | 6.4 MEDIUM |
| The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48905 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.1 HIGH |
| Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | |||||
| CVE-2025-48904 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 4.4 MEDIUM |
| Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48903 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.8 HIGH |
| Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6693 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48902 | 1 Huawei | 2 Emui, Harmonyos | 2025-07-11 | N/A | 6.6 MEDIUM |
| Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-22249 | 1 Vmware | 3 Aria Automation, Cloud Foundation, Telco Cloud Platform | 2025-07-11 | N/A | 8.2 HIGH |
| VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | |||||
| CVE-2025-48911 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 8.2 HIGH |
| Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48910 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 5.5 MEDIUM |
| Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48909 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.1 HIGH |
| Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-6676 | 1 Gbyte | 1 Simple Xml Sitemap | 2025-07-11 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS).This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2. | |||||
| CVE-2025-6677 | 1 Paragraphs Table Project | 1 Paragraphs Table | 2025-07-11 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS).This issue affects Paragraphs table: from 2.0.0 before 2.0.5. | |||||
| CVE-2025-48908 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 6.7 MEDIUM |
| Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-48907 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 6.2 MEDIUM |
| Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-6735 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6736 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-52717 | 1 Lifterlms | 1 Lifterlms | 2025-07-11 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in chrisbadgett LifterLMS allows SQL Injection. This issue affects LifterLMS: from n/a through 8.0.6. | |||||
| CVE-2025-1704 | 1 Google | 1 Chrome Os | 2025-07-11 | N/A | 6.5 MEDIUM |
| ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition. | |||||
| CVE-2025-44039 | 1 Cpplusworld | 2 Cp-xr-de21-s, Cp-xr-de21-s Firmware | 2025-07-11 | N/A | 5.1 MEDIUM |
| CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via a serial connection, read all boot sequence, and revealing internal system details and sensitive information without any authentication. | |||||