Total
10465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-43375 | 1 Apple | 1 Xcode | 2025-09-30 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | |||||
| CVE-2024-1714 | 1 Sailpoint | 1 Identityiq | 2025-09-30 | N/A | 7.1 HIGH |
| An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request. | |||||
| CVE-2020-27337 | 1 Treck | 1 Ipv6 | 2025-09-30 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access. | |||||
| CVE-2025-43372 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-09-30 | N/A | 7.8 HIGH |
| The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | |||||
| CVE-2020-27336 | 1 Treck | 1 Ipv6 | 2025-09-30 | 5.0 MEDIUM | 3.7 LOW |
| An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access. | |||||
| CVE-2024-39950 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2025-09-30 | N/A | 8.6 HIGH |
| A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization. | |||||
| CVE-2024-39949 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2025-09-30 | N/A | 7.5 HIGH |
| A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
| CVE-2024-39948 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2025-09-30 | N/A | 7.5 HIGH |
| A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
| CVE-2024-39944 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2025-09-30 | N/A | 7.5 HIGH |
| A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
| CVE-2025-11135 | 2025-09-29 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument user_id results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-28049 | 1 Intel | 14 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 11 more | 2025-09-29 | N/A | 5.7 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | |||||
| CVE-2024-47175 | 2 Debian, Openprinting | 2 Debian Linux, Libppd | 2025-09-29 | N/A | 8.6 HIGH |
| CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. | |||||
| CVE-2024-47076 | 1 Openprinting | 1 Libcupsfilters | 2025-09-29 | N/A | 8.6 HIGH |
| CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. | |||||
| CVE-2025-59535 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-09-29 | N/A | 6.5 MEDIUM |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0. | |||||
| CVE-2025-10975 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. | |||||
| CVE-2025-10974 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | |||||
| CVE-2025-10965 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10950 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-23336 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-09-25 | N/A | 4.4 MEDIUM |
| NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2024-23198 | 1 Intel | 14 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 11 more | 2025-09-25 | N/A | 6.6 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | |||||