Total
306554 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-54628 | 2025-08-06 | N/A | 5.3 MEDIUM | ||
Vulnerability of incomplete verification information in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-21465 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
Information disclosure while processing the hash segment in an MBN file. | |||||
CVE-2025-6994 | 2025-08-06 | N/A | 9.8 CRITICAL | ||
The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. | |||||
CVE-2025-46391 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
CWE-284: Improper Access Control | |||||
CVE-2025-6256 | 2025-08-06 | N/A | 6.4 MEDIUM | ||
The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘thumbnailHoverEffect’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-51306 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
In Gatling Enterprise versions below 1.25.0, a user logging out can still use his session token to continue using the application without expiration, due to incorrect session management. | |||||
CVE-2025-7376 | 2025-08-06 | N/A | 5.9 MEDIUM | ||
Windows Shortcut Following (.LNK) vulnerability in multiple processes of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric MC Works64 all versions, and Mitsubishi Electric GENESIS version 11.00 allows a local authenticated attacker to make an unauthorized write to arbitrary files, by creating a symbolic link from a file used as a write destination by the processes of the affected products to a target file. This could allow the attacker to destroy the file on a PC with the affected products installed, resulting in a denial-of-service (DoS) condition on the PC if the destroyed file is necessary for the operation of the PC. | |||||
CVE-2025-21014 | 2025-08-06 | N/A | 4.3 MEDIUM | ||
Improper export of Android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. | |||||
CVE-2025-54613 | 2025-08-06 | N/A | 5.9 MEDIUM | ||
Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
CVE-2025-46390 | 2025-08-06 | N/A | 7.5 HIGH | ||
CWE-204: Observable Response Discrepancy | |||||
CVE-2025-54640 | 2025-08-06 | N/A | 5.5 MEDIUM | ||
ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions. | |||||
CVE-2025-27062 | 2025-08-06 | N/A | 7.8 HIGH | ||
Memory corruption while handling client exceptions, allowing unauthorized channel access. | |||||
CVE-2025-54873 | 2025-08-06 | N/A | N/A | ||
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages. | |||||
CVE-2025-8616 | 2025-08-06 | N/A | N/A | ||
A weakness has been identified in OpenText Advanced Authentication where a malicious browser plugin can record and replay the user authentication process to bypass authentication. This issue affects Advanced Authentication on or before 6.5.0. | |||||
CVE-2025-21012 | 2025-08-06 | N/A | 5.5 MEDIUM | ||
Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration. | |||||
CVE-2025-7727 | 2025-08-06 | N/A | 6.4 MEDIUM | ||
The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Animated Text and Fun Fact blocks in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-20331 | 2025-08-06 | N/A | 5.4 MEDIUM | ||
A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on the affected device. | |||||
CVE-2025-51308 | 2025-08-06 | N/A | 5.3 MEDIUM | ||
In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to collect some information, due to missing authorization checks. | |||||
CVE-2025-21022 | 2025-08-06 | N/A | 3.3 LOW | ||
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. | |||||
CVE-2025-8667 | 2025-08-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. |