Total
304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-1459 | 1 Siteorigin | 1 Page Builder | 2025-08-12 | N/A | 5.4 MEDIUM |
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Embedded Video(PB) widget in all versions up to, and including, 2.31.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-13526 | 1 Metagauss | 1 Eventprime | 2025-08-12 | N/A | 4.3 MEDIUM |
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download the list of attendees for any event. | |||||
CVE-2024-12409 | 1 Simplepress | 1 Simplepress | 2025-08-12 | N/A | N/A |
The Simple:Press Forum plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 6.10.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2023-38114 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-12 | N/A | N/A |
Foxit PDF Reader AcroForm Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21085. | |||||
CVE-2025-23333 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-08-12 | N/A | 7.5 HIGH |
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure. | |||||
CVE-2025-23335 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-08-12 | N/A | 7.5 HIGH |
NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service. | |||||
CVE-2025-23334 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-08-12 | N/A | 7.5 HIGH |
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure. | |||||
CVE-2025-47808 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-12 | N/A | N/A |
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | |||||
CVE-2025-47219 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-12 | N/A | N/A |
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure. | |||||
CVE-2025-47183 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-12 | N/A | N/A |
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. | |||||
CVE-2025-47806 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-12 | N/A | N/A |
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash. | |||||
CVE-2025-47807 | 1 Gstreamer Project | 1 Gstreamer | 2025-08-12 | N/A | 5.5 MEDIUM |
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash. | |||||
CVE-2025-24844 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through missing release of memory. | |||||
CVE-2025-24925 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through missing release of memory. | |||||
CVE-2025-25212 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through improper input. | |||||
CVE-2025-24298 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 7.8 HIGH |
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through use after free. | |||||
CVE-2025-26690 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through NULL pointer dereference. | |||||
CVE-2025-27536 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through type confusion. | |||||
CVE-2025-27128 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 7.8 HIGH |
OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in tcb through use after free. | |||||
CVE-2025-27562 | 1 Openatom | 1 Openharmony | 2025-08-12 | N/A | 5.5 MEDIUM |
OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DOS through missing release of memory. |