Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6625 | 2025-08-18 | N/A | N/A | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device. | |||||
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | N/A | 6.5 MEDIUM |
| Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | |||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-8963 | 2025-08-15 | N/A | 6.3 MEDIUM | ||
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | |||||
| CVE-2025-20148 | 2025-08-15 | N/A | 8.5 HIGH | ||
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by submitting malicious content to an affected device and using the device to generate a document that contains sensitive information. A successful exploit could allow the attacker to alter the standard layout of the device-generated documents, read arbitrary files from the underlying operating system, and conduct server-side request forgery (SSRF) attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Security Analyst (Read Only). | |||||
| CVE-2025-7507 | 2025-08-15 | N/A | 6.4 MEDIUM | ||
| The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain. | |||||
| CVE-2021-27922 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27921 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2021-27923 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2025-08-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | |||||
| CVE-2025-54785 | 1 Salesagility | 1 Suitecrm | 2025-08-13 | N/A | N/A |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. This issue is fixed in version 7.14.7 and 8.8.1. | |||||
| CVE-2025-52894 | 1 Openbao | 1 Openbao | 2025-08-12 | N/A | 7.5 HIGH |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service. In OpenBao v2.2.0 and later, manually setting the configuration option `disable_unauthed_rekey_endpoints=true` allows an operator to deny these rarely-used endpoints on global listeners. A patch is available at commit fe75468822a22a88318c6079425357a02ae5b77b. In a future OpenBao release communicated on OpenBao's website, the maintainers will set this to `true` for all users and provide an authenticated alternative. As a workaround, if an active proxy or load balancer sits in front of OpenBao, an operator can deny requests to these endpoints from unauthorized IP ranges. | |||||
| CVE-2025-25005 | 2025-08-12 | N/A | 6.5 MEDIUM | ||
| Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | |||||
| CVE-2025-24486 | 2025-08-12 | N/A | N/A | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-21086 | 2025-08-12 | N/A | N/A | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege. | |||||
| CVE-2025-32004 | 2025-08-12 | N/A | N/A | ||
| Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24484 | 2025-08-12 | N/A | N/A | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-27537 | 2025-08-12 | N/A | N/A | ||
| Improper input validation for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-24296 | 2025-08-12 | N/A | N/A | ||
| Improper input validation in some firmware for the Intel(R) E810 Ethernet before version 4.6 may allow a privileged user to enable denial of service via local access. | |||||
| CVE-2025-24325 | 2025-08-12 | N/A | N/A | ||
| Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-25212 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input. | |||||