Total: 306531 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-9184 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-08-21 | N/A | 8.1 HIGH |
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. | |||||
CVE-2025-9185 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-08-21 | N/A | 8.1 HIGH |
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. | |||||
CVE-2025-53942 | 1 Goauthentik | 1 Authentik | 2025-08-21 | N/A | 7.4 HIGH |
authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can still retain partial access to the system despite their accounts being deactivated. They end up in a half-authenticated state where they cannot access the API but, crucially, they can authorize applications if they know the URL of the application. To work around this issue, developers can add an expression policy to the user login stage on the respective authentication flow with the expression `return request.context["pending_user"].is_active`. This modification ensures that the user login stage is only activated when the user is active. This issue is fixed in versions authentik 2025.4.4 and 2025.6.4. | |||||
CVE-2025-9186 | 1 Mozilla | 1 Firefox | 2025-08-21 | N/A | 6.5 MEDIUM |
Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. | |||||
CVE-2025-8361 | 1 Config Pages Project | 1 Config Pages | 2025-08-21 | N/A | 7.6 HIGH |
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing. This issue affects Config Pages: from 0.0.0 before 2.18.0. | |||||
CVE-2025-9187 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-08-21 | N/A | 9.8 CRITICAL |
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. | |||||
CVE-2025-9169 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-9170 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 4.0 MEDIUM | 3.5 LOW |
A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-9171 | 1 Solidinvoice | 1 Solidinvoice | 2025-08-21 | 4.0 MEDIUM | 3.5 LOW |
A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-8362 | 1 Googletag Manager Project | 1 Googletag Manager | 2025-08-21 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS). This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. | |||||
CVE-2025-9132 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-21 | N/A | 8.8 HIGH |
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-39954 | 1 Apache | 1 Eventmesh | 2025-08-21 | N/A | 6.3 MEDIUM |
CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module, in WebhookUtil.java, on Windows, Linux and macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue. | |||||
CVE-2025-24322 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 8.1 HIGH |
An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted network request can lead to arbitrary code execution. An attacker can browse to the device to trigger this vulnerability. | |||||
CVE-2025-24496 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 7.5 HIGH |
An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2025-27129 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send packets to trigger this vulnerability. | |||||
CVE-2024-4507 | 1 Ruijie | 54 Rg-uac 6000-cc, Rg-uac 6000-cc Firmware, Rg-uac 6000-e10 and 51 more | 2025-08-21 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-30256 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 8.6 HIGH |
A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted series of HTTP requests can lead to a reboot. An attacker can send multiple network packets to trigger this vulnerability. | |||||
CVE-2025-31355 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 7.2 HIGH |
A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted malicious file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2025-32010 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 8.1 HIGH |
A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP response can lead to arbitrary code execution. An attacker can send an HTTP response to trigger this vulnerability. | |||||
CVE-2025-55499 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | N/A | 6.5 MEDIUM |
Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function. | |||||