Total
33519 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2024-3717 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-08 | N/A | 5.3 MEDIUM |
| The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form. | |||||
| CVE-2025-1908 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.7 HIGH |
| An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | |||||
| CVE-2024-45663 | 1 Ibm | 1 Db2 | 2025-08-08 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||||
| CVE-2024-5969 | 1 Coderevolution | 1 Aiomatic | 2025-08-08 | N/A | 5.8 MEDIUM |
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | |||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2025-2469 | 1 Gitlab | 1 Gitlab | 2025-08-07 | N/A | 3.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | |||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | N/A | 5.4 MEDIUM |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | |||||
| CVE-2025-3777 | 1 Huggingface | 1 Transformers | 2025-08-07 | N/A | 3.5 LOW |
| Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1. | |||||
| CVE-2024-2878 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names. | |||||
| CVE-2024-6356 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.4 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot. | |||||
| CVE-2024-8266 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.4 MEDIUM |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances. | |||||
| CVE-2024-7102 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 9.6 CRITICAL |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances. | |||||
| CVE-2025-1212 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 4.3 MEDIUM |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. | |||||
| CVE-2024-3303 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 6.4 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection. | |||||
| CVE-2025-0320 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | |||||
| CVE-2025-1222 | 2 Apple, Citrix | 2 Macos, Secure Access Client | 2025-08-06 | N/A | 6.1 MEDIUM |
| An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | |||||
| CVE-2025-6759 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | |||||
| CVE-2025-4879 | 1 Citrix | 1 Workspace | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||
| CVE-2024-1410 | 1 Cloudflare | 1 Quiche | 2025-08-06 | N/A | 3.7 LOW |
| Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions. | |||||