Total
303827 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8206 | 1 Comodo | 1 Dragon | 2025-07-31 | 2.6 LOW | 3.1 LOW |
| A vulnerability, which was classified as problematic, was found in Comodo Dragon up to 134.0.6998.179. This affects an unknown part of the component IP DNS Leakage Detector. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8205 | 1 Comodo | 1 Dragon | 2025-07-31 | 2.6 LOW | 3.7 LOW |
| A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8204 | 1 Comodo | 1 Dragon | 2025-07-31 | 2.6 LOW | 3.1 LOW |
| A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-20310 | 1 Cisco | 1 Enterprise Chat And Email | 2025-07-31 | N/A | 6.1 MEDIUM |
| A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. | |||||
| CVE-2025-8252 | 1 Code-projects | 1 Exam Form Submission | 2025-07-31 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s5.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8253 | 1 Code-projects | 1 Exam Form Submission | 2025-07-31 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8255 | 1 Code-projects | 1 Exam Form Submission | 2025-07-31 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-20140 | 1 Cisco | 17 Catalyst 9105axi, Catalyst 9115axe, Catalyst 9115axi and 14 more | 2025-07-31 | N/A | 7.4 HIGH |
| A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of IPv6 network requests from an associated wireless IPv6 client to an affected device. To associate a client to a device, an attacker may first need to authenticate to the network, or associate freely in the case of a configured open network. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to stop responding, resulting in a DoS condition. | |||||
| CVE-2024-20303 | 1 Cisco | 17 Catalyst 9105axi, Catalyst 9115axe, Catalyst 9115axi and 14 more | 2025-07-31 | N/A | 7.4 HIGH |
| A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of mDNS client entries. An attacker could exploit this vulnerability by connecting to the wireless network and sending a continuous stream of specific mDNS packets. A successful exploit could allow the attacker to cause the wireless controller to have high CPU utilization, which could lead to access points (APs) losing their connection to the controller and result in a DoS condition. | |||||
| CVE-2022-20931 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2025-07-31 | N/A | 6.5 MEDIUM |
| A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2025-1550 | 1 Keras | 1 Keras | 2025-07-31 | N/A | 9.8 CRITICAL |
| The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading. | |||||
| CVE-2025-20154 | 1 Cisco | 3 Ios, Ios Xe, Ios Xr | 2025-07-31 | N/A | 8.6 HIGH |
| A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. For Cisco IOS XR Software, this vulnerability could cause the ipsla_ippm_server process to reload unexpectedly if debugs are enabled. This vulnerability is due to out-of-bounds array access when processing specially crafted TWAMP control packets. An attacker could exploit this vulnerability by sending crafted TWAMP control packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: For Cisco IOS XR Software, only the ipsla_ippm_server process reloads unexpectedly and only when debugs are enabled. The vulnerability details for Cisco IOS XR Software are as follows: Security Impact Rating (SIR): Low CVSS Base Score: 3.7 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L | |||||
| CVE-2024-20400 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-07-31 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | |||||
| CVE-2025-2258 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | N/A | 7.5 HIGH |
| In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. This issue follows an uncomplete fix in CVE-2025-0728. | |||||
| CVE-2025-2259 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. This issue follows an incomplete fix of CVE-2025-0727 | |||||
| CVE-2024-10838 | 1 Eclipse | 1 Cyclone Data Distribution Service | 2025-07-31 | N/A | 9.1 CRITICAL |
| An integer underflow during deserialization may allow any unauthenticated user to read out of bounds heap memory. This may result into secret data or pointers revealing the layout of the address space to be included into a deserialized data structure, which may potentially lead to thread crashes or cause denial of service conditions. | |||||
| CVE-2025-0728 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A possible workaround is to disable HTTP PUT support. | |||||
| CVE-2025-0727 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of the other packet. A possible workaround is to disable HTTP PUT support. | |||||
| CVE-2025-0726 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. | |||||
| CVE-2025-2260 | 1 Eclipse | 1 Threadx Netx Duo | 2025-07-31 | N/A | 7.5 HIGH |
| In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users can work-around the issue by disabling the PUT request support. This issue follows an incomplete fix of CVE-2025-0726. | |||||