Total: 31934 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-20898 | 1 Samsung | 1 Members | 2025-07-17 | N/A | N/A |
Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles. | |||||
CVE-2025-20894 | 1 Samsung | 1 Email | 2025-07-17 | N/A | N/A |
Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles. | |||||
CVE-2025-2942 | 1 Tychesoftwares | 1 Order Delivery Date For Woocommerce | 2025-07-17 | N/A | N/A |
The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post titles (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve such information. | |||||
CVE-2025-21002 | 1 Samsung | 1 Android | 2025-07-16 | N/A | 5.5 MEDIUM |
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast. | |||||
CVE-2025-20971 | 1 Samsung | 1 Flow | 2025-07-16 | N/A | N/A |
Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow. | |||||
CVE-2024-42646 | 1 Emqx | 1 Nanomq | 2025-07-16 | N/A | 7.5 HIGH |
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages. | |||||
CVE-2025-20924 | 1 Samsung | 1 Notes | 2025-07-16 | N/A | N/A |
Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. | |||||
CVE-2024-0909 | 1 Cayenne | 1 Anonymous Restricted Content | 2025-07-16 | N/A | 7.5 HIGH |
The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticated attackers to access protected content. | |||||
CVE-2018-8327 | 1 Microsoft | 2 Powershell, Powershell Editor Services | 2025-07-16 | 10.0 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. | |||||
CVE-2021-26700 | 1 Microsoft | 1 Npm | 2025-07-16 | 6.8 MEDIUM | N/A |
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | |||||
CVE-2025-31672 | 2 Apache, Netapp | 2 Poi, Active Iq Unified Manager | 2025-07-15 | N/A | N/A |
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in the zip. In this case, products reading the affected file could read different data because 1 of the zip entries with the duplicate name is selected over another but different products may choose a different zip entry. This issue affects Apache POI poi-ooxml before 5.4.0. poi-ooxml 5.4.0 has a check that throws an exception if zip entries with duplicate file names are found in the input file. Users are recommended to upgrade to version poi-ooxml 5.4.0, which fixes the issue. Please read https://poi.apache.org/security.html for recommendations about how to use the POI libraries securely. | |||||
CVE-2024-49050 | 1 Microsoft | 1 Python | 2025-07-15 | N/A | 8.8 HIGH |
Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||||
CVE-2020-17163 | 1 Microsoft | 1 Python | 2025-07-15 | N/A | 7.8 HIGH |
Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||||
CVE-2025-30281 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
CVE-2025-43559 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. | |||||
CVE-2025-43563 | 1 Adobe | 1 Coldfusion | 2025-07-15 | N/A | 9.1 CRITICAL |
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. A high-privileged attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction, and scope is changed. | |||||
CVE-2025-3067 | 1 Google | 2 Android, Chrome | 2025-07-15 | N/A | N/A |
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium) | |||||
CVE-2024-1968 | 1 Scrapy | 1 Scrapy | 2025-07-15 | N/A | N/A |
In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but remain within the same domain. This behavior contravenes the Fetch standard, which mandates the removal of Authorization headers in cross-origin requests when the scheme, host, or port changes. Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. The flaw is located in the _build_redirect_request function of the redirect middleware. | |||||
CVE-2024-8613 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-15 | N/A | 8.8 HIGH |
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of other users. | |||||
CVE-2024-5216 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-15 | N/A | N/A |
A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. The impact of this vulnerability includes administrative paralysis, compromised security, and operational disruption, as it allows malicious users to perpetuate their presence within the system indefinitely, undermines the system's security posture, and degrades overall system performance. |