Total
306742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38009 | 3 Apple, Google, Ibm | 3 Iphone Os, Android, Cognos Analytics | 2025-08-18 | N/A | 4.2 MEDIUM |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | |||||
| CVE-2024-51457 | 1 Ibm | 1 Robotic Process Automation For Cloud Pak | 2025-08-18 | N/A | 4.4 MEDIUM |
| IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-45652 | 1 Ibm | 1 Maximo Asset Management | 2025-08-18 | N/A | 6.5 MEDIUM |
| IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2024-49824 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-08-18 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. | |||||
| CVE-2024-47113 | 1 Ibm | 1 Voice Gateway | 2025-08-18 | N/A | 8.1 HIGH |
| IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document. | |||||
| CVE-2025-36047 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2025-08-18 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | |||||
| CVE-2025-8943 | 2025-08-18 | N/A | 9.8 CRITICAL | ||
| The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands. | |||||
| CVE-2025-8517 | 2025-08-18 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component. | |||||
| CVE-2025-55188 | 1 7-zip | 1 7-zip | 2025-08-18 | N/A | 3.6 LOW |
| 7-Zip before 25.01 does not always properly handle symbolic links during extraction. | |||||
| CVE-2025-22941 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||
| CVE-2025-22940 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | 9.1 CRITICAL |
| Incorrect access control in Adtran 411 ONT L80.00.0011.M2 allows unauthorized attackers to arbitrarily set the admin password. | |||||
| CVE-2025-22939 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||
| CVE-2025-22938 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | 9.8 CRITICAL |
| Adtran 411 ONT L80.00.0011.M2 was discovered to contain weak default passwords. | |||||
| CVE-2025-22937 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | 9.8 CRITICAL |
| An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. | |||||
| CVE-2023-33202 | 1 Bouncycastle | 2 Bouncy Castle For Java, Fips Java Api | 2025-08-18 | N/A | 5.5 MEDIUM |
| Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) | |||||
| CVE-2025-53154 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-18 | N/A | 7.8 HIGH |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53153 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-08-18 | N/A | 5.7 MEDIUM |
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | |||||
| CVE-2025-53152 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-08-18 | N/A | 7.8 HIGH |
| Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally. | |||||
| CVE-2025-53151 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-08-18 | N/A | 7.8 HIGH |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-53149 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-18 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | |||||