Total: 3079 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24313 | | | 2025-08-13 | N/A | 4.4 MEDIUM |
| Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2025-24840 | | | 2025-08-13 | N/A | 5.8 MEDIUM |
| Improper access control for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-20099 | | | 2025-08-13 | N/A | 6.7 MEDIUM |
| Improper access control for some Intel(R) Rapid Storage Technology installation software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24323 | | | 2025-08-13 | N/A | 6.5 MEDIUM |
| Improper access control in some firmware package and LED mode toggle tool for some Intel(R) PCIe Switch software before version MR4_1.0b1 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-8762 | | | 2025-08-13 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-55012 | | | 2025-08-12 | N/A | N/A |
| Zed is a multiplayer code editor. Prior to version 0.197.3, the Zed Agent Panel allowed an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific configuration file, leading to the execution of arbitrary commands on a victim's machine without the explicit approval that would otherwise be required. This vulnerability has been patched in version 0.197.3. A workaround for this issue is either to avoid sending prompts to the Agent Panel or to limit the AI Agent's file system access. | |||||
| CVE-2025-49591 | 1 Xwiki | 1 Cryptpad | 2025-08-11 | N/A | 9.1 CRITICAL |
| CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0. | |||||
| CVE-2024-23351 | 1 Qualcomm | 188 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 185 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory corruption as GPU registers beyond the last protected range can be accessed through LPAC submissions. | |||||
| CVE-2024-49842 | 1 Qualcomm | 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. | |||||
| CVE-2025-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. | |||||
| CVE-2025-21469 | 1 Qualcomm | 40 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 37 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. | |||||
| CVE-2025-54397 | 1 Netwrix | 1 Directory Manager | 2025-08-11 | N/A | 4.3 MEDIUM |
| Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users. | |||||
| CVE-2025-8738 | | | 2025-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8504 | 1 Anisha | 1 Kitchen Treasure | 2025-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-34753 | 1 Cisco | 1 Firepower Threat Defense Software | 2025-08-07 | N/A | 5.8 MEDIUM |
| A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet. | |||||
| CVE-2025-44657 | 1 Linksys | 2 Ea6350, Ea6350 Firmware | 2025-08-07 | N/A | 3.9 LOW |
| In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks. | |||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | 5.4 MEDIUM |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | |||||
| CVE-2025-46391 | | | 2025-08-06 | N/A | 6.5 MEDIUM |
| CWE-284: Improper Access Control | |||||
| CVE-2025-27062 | | | 2025-08-06 | N/A | 7.8 HIGH |
| Memory corruption while handling client exceptions, allowing unauthorized channel access. | |||||
| CVE-2025-30127 | | | 2025-08-06 | N/A | 9.8 CRITICAL |
| An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779. | |||||
