Total
306740 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46354 | 1 Bloomberg | 1 Comdb2 | 2025-08-22 | N/A | 7.5 HIGH |
| A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2025-48498 | 1 Bloomberg | 1 Comdb2 | 2025-08-22 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability. | |||||
| CVE-2025-35966 | 1 Bloomberg | 1 Comdb2 | 2025-08-22 | N/A | 7.5 HIGH |
| A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability. | |||||
| CVE-2025-50738 | 1 Usememos | 1 Memos | 2025-08-22 | N/A | 9.8 CRITICAL |
| The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user's IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking. | |||||
| CVE-2023-32701 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-08-22 | N/A | 7.1 HIGH |
| Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. | |||||
| CVE-2021-32025 | 1 Blackberry | 4 Qnx Momentics, Qnx Os For Medical, Qnx Os For Safety and 1 more | 2025-08-22 | 7.2 HIGH | 8.1 HIGH |
| An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. | |||||
| CVE-2021-22156 | 1 Blackberry | 3 Qnx Os For Medical, Qnx Os For Safety, Qnx Software Development Platform | 2025-08-22 | 6.8 MEDIUM | 9.0 CRITICAL |
| An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code. | |||||
| CVE-2020-6932 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-08-22 | 10.0 HIGH | 10.0 CRITICAL |
| An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server. | |||||
| CVE-2019-8998 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-08-22 | 4.6 MEDIUM | 7.8 HIGH |
| An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space. | |||||
| CVE-2024-29072 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-22 | N/A | 8.2 HIGH |
| A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | |||||
| CVE-2025-24798 | 1 Meshtastic | 1 Meshtastic Firmware | 2025-08-22 | N/A | 4.3 MEDIUM |
| Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This vulnerability is fixed in 2.6.2. | |||||
| CVE-2025-53637 | 1 Meshtastic | 1 Meshtastic Firmware | 2025-08-22 | N/A | 4.1 MEDIUM |
| Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part, user-controlled input is interpolated unsafely into the code. If this were to be exploited, attackers could inject unauthorized code into the repository. This vulnerability is fixed in 2.6.6. | |||||
| CVE-2024-47065 | 1 Meshtastic | 1 Meshtastic Firmware | 2025-08-22 | N/A | 6.5 MEDIUM |
| Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously respond. You could easily get 100 samples in a short amount of time (estimated 2 minutes), whereas passively doing the same could take hours or days. There are secondary effects that non-ratelimited traceroute does also allow a 2:1 reflected DoS of the network as well, but these concerns are less than the problem with positional confidentiality (other DoS routes exist). This vulnerability is fixed in 2.5.1. | |||||
| CVE-2025-27401 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 4.6 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. In a standard usages of Tuleap, the issue has a limited impact, it will mostly leave dangling data. However, a malicious user could create and delete reports multiple times to cycle through all the filters of all reports of the instance and delete them. The malicious user only needs to have access to one tracker. This would result in the loss of all criteria filters forcing users and tracker admins to re-create them. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740498975 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. | |||||
| CVE-2025-24029 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 5.3 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition 16.3.99.1737562605 as well as Tuleap Enterprise Edition 16.3-5 and Tuleap Enterprise Edition 16.2-7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-36123 | 1 Starcitizen.tools | 1 Citizen | 2025-08-22 | N/A | 6.5 MEDIUM |
| Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0. | |||||
| CVE-2025-27156 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 4.1 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. | |||||
| CVE-2025-27150 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 5.3 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. The vulnerability is fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11. | |||||
| CVE-2022-1242 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-22 | N/A | 7.8 HIGH |
| Apport can be tricked into connecting to arbitrary sockets as the root user | |||||
| CVE-2024-37167 | 1 Enalean | 1 Tuleap | 2025-08-22 | N/A | 4.3 MEDIUM |
| Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97. | |||||