Total: 32012 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-36848 | 1 Boldgrid | 1 Total Upkeep | 2025-07-29 | N/A | 7.5 HIGH |
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them. | |||||
CVE-2024-2217 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-29 | N/A | 7.5 HIGH |
gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | |||||
CVE-2023-5058 | 1 Phoenix | 1 Securecore Technology | 2025-07-28 | N/A | 7.8 HIGH |
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | |||||
CVE-2025-7001 | 1 Gitlab | 1 Gitlab | 2025-07-28 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable. | |||||
CVE-2025-3891 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2025-07-28 | N/A | 7.5 HIGH |
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. | |||||
CVE-2025-4976 | 1 Gitlab | 1 Gitlab | 2025-07-28 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses. | |||||
CVE-2024-25616 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 3.7 LOW |
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. | |||||
CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2025-07-25 | N/A | 8.8 HIGH |
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | |||||
CVE-2024-5491 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-25 | N/A | 7.5 HIGH |
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler | |||||
CVE-2025-50068 | 1 Oracle | 1 Mysql Cluster | 2025-07-24 | N/A | 6.7 MEDIUM |
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | |||||
CVE-2010-0425 | 5 Apache, Broadcom, Ibm and 2 more | 6 Http Server, Vmware Ace Management Server, Http Server and 3 more | 2025-07-24 | 10.0 HIGH | N/A |
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | |||||
CVE-2024-22013 | 1 Google | 6 Nest Wifi Point, Nest Wifi Point Firmware, Nest Wifi Pro and 3 more | 2025-07-24 | N/A | 5.3 MEDIUM |
U-Boot environment is read from unauthenticated partition. | |||||
CVE-2024-47030 | 1 Google | 1 Android | 2025-07-24 | N/A | 5.1 MEDIUM |
Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. | |||||
CVE-2024-47031 | 1 Google | 1 Android | 2025-07-24 | N/A | 7.4 HIGH |
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. | |||||
CVE-2024-11407 | 1 Grpc | 1 Grpc | 2025-07-23 | N/A | 7.5 HIGH |
There exists a denial of service through data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network, thus leading the receiver to receive an incorrect set of bytes, causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791. | |||||
CVE-2024-11498 | 1 Libjxl Project | 1 Libjxl | 2025-07-23 | N/A | 7.5 HIGH |
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0. | |||||
CVE-2024-38327 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | N/A | 6.8 MEDIUM |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. | |||||
CVE-2023-20055 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | N/A | 8.0 HIGH |
A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials. | |||||
CVE-2024-5899 | 1 Google | 3 Bazel For Android Studio, Bazel For Clion, Bazel For Intellij | 2025-07-23 | N/A | 3.3 LOW |
When Bazel Plugin in IntelliJ imports a project (either using "import project" or "Auto import") the dialog for trusting the project is not displayed. This comes from the fact that both call the method ProjectBuilder.createProject which then calls ProjectManager.getInstance().createProject. This method, as its name suggests, is intended to create a new project, not to import an existing one. We recommend upgrading to version 2024.06.04.0.2 or beyond for the IntelliJ, CLion and Android Studio Bazel plugins. | |||||
CVE-2024-32923 | 1 Google | 1 Android | 2025-07-22 | N/A | 4.0 MEDIUM |
There is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |