Total
306531 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2025-21012 | | | 2025-08-06 | N/A | 5.5 MEDIUM | Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration.
CVE-2025-7727 | | | 2025-08-06 | N/A | 6.4 MEDIUM | The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2025-20331 | | | 2025-08-06 | N/A | 5.4 MEDIUM | A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on the affected device.
CVE-2025-51308 | | | 2025-08-06 | N/A | 5.3 MEDIUM | In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks.
CVE-2025-21022 | | | 2025-08-06 | N/A | 3.3 LOW | Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
CVE-2025-8667 | | | 2025-08-06 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-46389 | | | 2025-08-06 | N/A | 6.5 MEDIUM | CWE-620: Unverified Password Change
CVE-2025-50233 | | | 2025-08-06 | N/A | 6.5 MEDIUM | A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.
CVE-2025-54644 | | | 2025-08-06 | N/A | 6.6 MEDIUM | Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-21464 | | | 2025-08-06 | N/A | 6.5 MEDIUM | Information disclosure while reading data from an image using specified offset and size parameters.
CVE-2025-6013 | | | 2025-08-06 | N/A | 6.5 MEDIUM | Vault and Vault Enterprise's ("Vault") ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
CVE-2025-54883 | | | 2025-08-06 | N/A | N/A | Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical cryptographic weakness. Due to a silent 32-bit integer overflow in its internal masking logic, the function fails to produce a uniform distribution of random numbers when the requested range between min and max is larger than 2³². The root cause is the use of a 32-bit bitwise left-shift operation (<<) to generate a bitmask for the rejection sampling algorithm. This causes the mask to be incorrect for any range requiring 32 or more bits of entropy. This issue is fixed in version 1.5.0.
CVE-2025-54630 | | | 2025-08-06 | N/A | 6.8 MEDIUM | Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46388 | | | 2025-08-06 | N/A | 4.3 MEDIUM | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-21015 | | | 2025-08-06 | N/A | 4.0 MEDIUM | Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete files with Document scanner's privilege.
CVE-2025-21016 | | | 2025-08-06 | N/A | 4.3 MEDIUM | Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs.
CVE-2025-7771 | | | 2025-08-06 | N/A | N/A | ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
CVE-2025-51040 | | | 2025-08-06 | N/A | 7.5 HIGH | Electrolink FM/DAB/TV Transmitter Web Management System unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
CVE-2025-54650 | | | 2025-08-06 | N/A | 4.2 MEDIUM | Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function.
CVE-2025-54612 | | | 2025-08-06 | N/A | 5.9 MEDIUM | Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.