Total
306668 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57721 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57720 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57719 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57718 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57717 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2024-3094 | 1 Tukaani | 1 Xz | 2025-08-19 | N/A | 10.0 CRITICAL |
| Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | |||||
| CVE-2025-54948 | 1 Trendmicro | 1 Apex One | 2025-08-19 | N/A | 9.4 CRITICAL |
| A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | |||||
| CVE-2025-3277 | 1 Sqlite | 1 Sqlite | 2025-08-18 | N/A | 9.8 CRITICAL |
| An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. | |||||
| CVE-2025-32992 | 2025-08-18 | N/A | 8.5 HIGH | ||
| Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control. | |||||
| CVE-2024-9500 | 1 Autodesk | 1 Installer | 2025-08-18 | N/A | 7.8 HIGH |
| A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | |||||
| CVE-2024-7995 | 1 Autodesk | 1 Vred | 2025-08-18 | N/A | 7.8 HIGH |
| A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2024-11268 | 1 Autodesk | 1 Revit | 2025-08-18 | N/A | 5.5 MEDIUM |
| A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak. | |||||
| CVE-2023-7298 | 1 Autodesk | 1 Fbx Software Development Kit | 2025-08-18 | N/A | 4.4 MEDIUM |
| A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | |||||
| CVE-2011-10019 | 2025-08-18 | N/A | N/A | ||
| Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication. | |||||
| CVE-2025-5998 | 1 Passwordprotectwp | 1 Password Protect Wordpress | 2025-08-18 | N/A | 6.5 MEDIUM |
| The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API. | |||||
| CVE-2023-3867 | 2025-08-18 | N/A | N/A | ||
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while processing the first payload in the smb2_sess_setup(). | |||||
| CVE-2025-9107 | 2025-08-18 | 5.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-38502 | 2025-08-18 | N/A | N/A | ||
| In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each utilizing a cgroup local storage with a different value size, and one program doing a tail call into the other. The verifier will validate each of the indivial programs just fine. However, in the runtime context the bpf_cg_run_ctx holds an bpf_prog_array_item which contains the BPF program as well as any cgroup local storage flavor the program uses. Helpers such as bpf_get_local_storage() pick this up from the runtime context: ctx = container_of(current->bpf_ctx, struct bpf_cg_run_ctx, run_ctx); storage = ctx->prog_item->cgroup_storage[stype]; if (stype == BPF_CGROUP_STORAGE_SHARED) ptr = &READ_ONCE(storage->buf)->data[0]; else ptr = this_cpu_ptr(storage->percpu_buf); For the second program which was called from the originally attached one, this means bpf_get_local_storage() will pick up the former program's map, not its own. With mismatching sizes, this can result in an unintended out-of-bounds access. To fix this issue, we need to extend bpf_map_owner with an array of storage_cookie[] to match on i) the exact maps from the original program if the second program was using bpf_get_local_storage(), or ii) allow the tail call combination if the second program was not using any of the cgroup local storage maps. | |||||
| CVE-2025-38552 | 2025-08-18 | N/A | N/A | ||
| In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger. The solution is similar. Use a separate flag to track the condition 'socket state prevent any additional subflow creation' protected by the fallback lock. The socket fallback makes such flag true, and also receiving or sending an MP_FAIL option. The field 'allow_infinite_fallback' is now always touched under the relevant lock, we can drop the ONCE annotation on write. | |||||
| CVE-2025-49897 | 2025-08-18 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1. | |||||