Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53191 | 2025-08-11 | N/A | N/A | ||
| Missing Authentication for Critical Function vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01. | |||||
| CVE-2025-48731 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint. | |||||
| CVE-2025-54463 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. | |||||
| CVE-2025-54478 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. | |||||
| CVE-2025-44001 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint. | |||||
| CVE-2025-8285 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint. | |||||
| CVE-2025-8745 | 2025-08-11 | N/A | N/A | ||
| A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54458 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the Confluence space which allows attackers to create a subscription for a Confluence space the user does not have access to via the create subscription endpoint. | |||||
| CVE-2025-44004 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint. | |||||
| CVE-2025-49221 | 2025-08-11 | N/A | N/A | ||
| Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. | |||||
| CVE-2025-53189 | 2025-08-11 | N/A | N/A | ||
| Authorization Bypass Through User-Controlled Key vulnerability in ABB Aspect.This issue affects Aspect: from o before <3.08.04-s01. | |||||
| CVE-2025-25229 | 2025-08-11 | N/A | N/A | ||
| Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources. | |||||
| CVE-2025-53188 | 2025-08-11 | N/A | N/A | ||
| Insufficiently Protected Credentials vulnerability in ABB Aspect.This issue affects Aspect: before <3.08.04-s01. | |||||
| CVE-2025-6997 | 1 Themerex | 1 Addons | 2025-08-11 | N/A | 5.4 MEDIUM |
| The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trx_addons_get_svg_from_file() function on an unvalidated 'svg' parameter supplied via the shortcode or Elementor widget settings, then outputs it via the trx_addons_show_layout() function. Because there is no check on the URL’s origin, scheme, or the SVG content itself, authenticated attackers, with Contributor-level access and above, can supply a remote SVG and inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2025-7222 | 1 Luxion | 1 Keyshot | 2025-08-11 | N/A | N/A |
| Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26473. | |||||
| CVE-2025-53082 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 9.1 CRITICAL |
| An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. | |||||
| CVE-2025-7458 | 1 Sqlite | 1 Sqlite | 2025-08-11 | N/A | 9.1 CRITICAL |
| An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause. | |||||
| CVE-2025-53081 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 9.1 CRITICAL |
| An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. | |||||
| CVE-2025-53080 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 6.5 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem | |||||
| CVE-2025-53079 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | N/A |
| Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files | |||||