Total
306742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3303 | 1 Gitlab | 1 Gitlab | 2025-08-06 | N/A | 6.4 MEDIUM |
| An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection. | |||||
| CVE-2025-50200 | 1 Broadcom | 1 Rabbitmq Server | 2025-08-06 | N/A | 5.5 MEDIUM |
| RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8. | |||||
| CVE-2023-2794 | 2 Fedoraproject, Ofono Project | 2 Fedora, Ofono | 2025-08-06 | N/A | 8.1 HIGH |
| A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver(). | |||||
| CVE-2013-10069 | 2025-08-06 | N/A | N/A | ||
| The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to spawn a Telnet service on a specified port, enabling persistent interactive shell access as root. | |||||
| CVE-2013-10067 | 2025-08-06 | N/A | N/A | ||
| Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution. | |||||
| CVE-2012-10030 | 2025-08-06 | N/A | N/A | ||
| FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction. | |||||
| CVE-2012-10023 | 2025-08-06 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication. | |||||
| CVE-2025-36557 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2025-08-06 | N/A | 7.5 HIGH |
| When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-53629 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 7.5 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628. | |||||
| CVE-2025-53628 | 1 Yhirose | 1 Cpp-httplib | 2025-08-06 | N/A | 8.8 HIGH |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629. | |||||
| CVE-2025-26621 | 1 Citeum | 1 Opencti | 2025-08-06 | N/A | 7.6 HIGH |
| OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause a denial of service attack by prototype pollution, making the node js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue. | |||||
| CVE-2025-4365 | 1 Citrix | 2 Netscaler Console, Netscaler Sdx | 2025-08-06 | N/A | 7.5 HIGH |
| Arbitrary file read in NetScaler Console and NetScaler SDX (SVM) | |||||
| CVE-2025-5349 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-08-06 | N/A | 8.8 HIGH |
| Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | |||||
| CVE-2025-48952 | 1 Netalertx | 1 Netalertx | 2025-08-06 | N/A | 9.4 CRITICAL |
| NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability. | |||||
| CVE-2024-42655 | 1 Emqx | 1 Nanomq | 2025-08-06 | N/A | 8.8 HIGH |
| An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. | |||||
| CVE-2025-0320 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | |||||
| CVE-2025-1223 | 2 Apple, Citrix | 2 Macos, Secure Access Client | 2025-08-06 | N/A | 6.1 MEDIUM |
| An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | |||||
| CVE-2025-1222 | 2 Apple, Citrix | 2 Macos, Secure Access Client | 2025-08-06 | N/A | 6.1 MEDIUM |
| An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac | |||||
| CVE-2025-6759 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | |||||
| CVE-2025-4879 | 1 Citrix | 1 Workspace | 2025-08-06 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||