Total
307031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21022 | 2025-08-06 | N/A | 3.3 LOW | ||
| Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. | |||||
| CVE-2025-8667 | 2025-08-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-46389 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
| CWE-620: Unverified Password Change | |||||
| CVE-2025-50233 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
| A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information. | |||||
| CVE-2025-54644 | 2025-08-06 | N/A | 6.6 MEDIUM | ||
| Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-21464 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
| Information disclosure while reading data from an image using specified offset and size parameters. | |||||
| CVE-2025-6013 | 2025-08-06 | N/A | 6.5 MEDIUM | ||
| Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24. | |||||
| CVE-2025-54883 | 2025-08-06 | N/A | N/A | ||
| Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui <= 1.4.0) contains a critical cryptographic weakness. Due to a silent 32-bit integer overflow in its internal masking logic, the function fails to produce a uniform distribution of random numbers when the requested range between min and max is larger than 2³². The root cause is the use of a 32-bit bitwise left-shift operation (<<) to generate a bitmask for the rejection sampling algorithm. This causes the mask to be incorrect for any range requiring 32 or more bits of entropy. This issue is fixed in version 1.5.0. | |||||
| CVE-2025-54630 | 2025-08-06 | N/A | 6.8 MEDIUM | ||
| :Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-46388 | 2025-08-06 | N/A | 4.3 MEDIUM | ||
| CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | |||||
| CVE-2025-21015 | 2025-08-06 | N/A | 4.0 MEDIUM | ||
| Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | |||||
| CVE-2025-21016 | 2025-08-06 | N/A | 4.3 MEDIUM | ||
| Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. | |||||
| CVE-2025-7771 | 2025-08-06 | N/A | N/A | ||
| ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions. | |||||
| CVE-2025-51040 | 2025-08-06 | N/A | 7.5 HIGH | ||
| Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2. | |||||
| CVE-2025-54650 | 2025-08-06 | N/A | 4.2 MEDIUM | ||
| Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function. | |||||
| CVE-2025-54612 | 2025-08-06 | N/A | 5.9 MEDIUM | ||
| Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2025-8665 | 2025-08-06 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the component Model Context Protocol Handler. The manipulation of the argument command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-21013 | 2025-08-06 | N/A | 6.2 MEDIUM | ||
| Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time. | |||||
| CVE-2025-7399 | 2025-08-06 | N/A | 6.4 MEDIUM | ||
| The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-5197 | 2025-08-06 | N/A | 5.3 MEDIUM | ||
| A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats. | |||||