Total
203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53878 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-09-18 | N/A | 2.8 LOW |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. | |||||
| CVE-2024-53879 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Cuda Toolkit | 2025-09-18 | N/A | 2.8 LOW |
| NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the cuobjdump binary, where a user could cause a crash by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability might lead to a partial denial of service. | |||||
| CVE-2024-5931 | 1 Zephyrproject | 1 Zephyr | 2025-09-17 | N/A | 6.3 MEDIUM |
| BT: Unchecked user input in bap_broadcast_assistant | |||||
| CVE-2025-43793 | 2025-09-16 | N/A | N/A | ||
| Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that share the same TLD to read cookies set by the application. | |||||
| CVE-2024-6768 | 2025-09-15 | N/A | N/A | ||
| A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function. | |||||
| CVE-2025-2256 | 2025-09-15 | N/A | 7.5 HIGH | ||
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. | |||||
| CVE-2025-10094 | 2025-09-15 | N/A | 6.5 MEDIUM | ||
| An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names. | |||||
| CVE-2025-32689 | 2025-09-09 | N/A | 7.5 HIGH | ||
| Improper Validation of Specified Quantity in Input vulnerability in ThemesGrove WP SmartPay. This issue affects WP SmartPay: from n/a through 2.7.13. | |||||
| CVE-2024-36346 | 2025-09-08 | N/A | 6.0 MEDIUM | ||
| Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition. | |||||
| CVE-2024-3036 | 2025-09-08 | N/A | 5.7 MEDIUM | ||
| Improper Input Validation vulnerability in ABB 800xA Base. An attacker who successfully exploited this vulnerability could cause services to crash by sending specifically crafted messages. This issue affects 800xA Base: from 6.0.0 through 6.1.1-2. | |||||
| CVE-2025-58835 | 2025-09-05 | N/A | 5.3 MEDIUM | ||
| Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through 7.4.1. | |||||
| CVE-2025-5808 | 2025-08-29 | N/A | N/A | ||
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3. | |||||
| CVE-2025-8424 | 2025-08-29 | N/A | N/A | ||
| Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access | |||||
| CVE-2025-55398 | 2025-08-26 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed. | |||||
| CVE-2024-31416 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2025-08-26 | N/A | 5.6 MEDIUM |
| The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. | |||||
| CVE-2025-8320 | 1 Tesla | 2 Wall Connector, Wall Connector Firmware | 2025-08-12 | N/A | 8.8 HIGH |
| Tesla Wall Connector Content-Length Header Improper Input Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the HTTP Content-Length header. The issue results from the lack of proper validation of user-supplied data, which can result in memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26300. | |||||
| CVE-2025-4365 | 1 Citrix | 2 Netscaler Console, Netscaler Sdx | 2025-08-06 | N/A | 7.5 HIGH |
| Arbitrary file read in NetScaler Console and NetScaler SDX (SVM) | |||||
| CVE-2025-5349 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-08-06 | N/A | 8.8 HIGH |
| Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | |||||
| CVE-2025-20151 | 1 Cisco | 1 Ios Xe Sd-wan | 2025-08-05 | N/A | 4.3 MEDIUM |
| A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to poll an affected device using SNMP, even if the device is configured to deny SNMP traffic from an unauthorized source or the SNMPv3 username is removed from the configuration. This vulnerability exists because of the way that the SNMPv3 configuration is stored in the Cisco IOS Software and Cisco IOS XE Software startup configuration. An attacker could exploit this vulnerability by polling an affected device from a source address that should have been denied. A successful exploit could allow the attacker to perform SNMP operations from a source that should be denied. Note: The attacker has no control of the SNMPv3 configuration. To exploit this vulnerability, the attacker must have valid SNMPv3 user credentials. For more information, see the section of this advisory. | |||||
| CVE-2025-43881 | 2025-07-25 | N/A | 4.3 MEDIUM | ||
| Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product. | |||||