Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53077 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | N/A |
| An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability. | |||||
| CVE-2025-53078 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system | |||||
| CVE-2025-4370 | 1 Brizy | 1 Brizy | 2025-08-11 | N/A | 5.3 MEDIUM |
| The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server. | |||||
| CVE-2025-8283 | 1 Redhat | 2 Enterprise Linux, Openshift Container Platform | 2025-08-11 | N/A | 3.7 LOW |
| A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers. | |||||
| CVE-2025-8279 | 1 Gitlab | 1 Language Server | 2025-08-11 | N/A | 9.8 CRITICAL |
| Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution | |||||
| CVE-2025-8183 | 1 D3tn | 1 Ud3tn | 2025-08-11 | N/A | N/A |
| NULL Pointer Dereference in µD3TN via non-singleton destination Endpoint Identifier allows remote attacker to reliably cause DoS | |||||
| CVE-2019-25224 | 1 Wpseeds | 1 Wp Database Backup | 2025-08-11 | N/A | 9.8 CRITICAL |
| The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system. | |||||
| CVE-2025-5084 | 1 Addonmaster | 1 Post Grid Master | 2025-08-11 | N/A | 6.1 MEDIUM |
| The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray['read_more_text']’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2025-33109 | 1 Ibm | 1 I | 2025-08-11 | N/A | 8.8 HIGH |
| IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions. | |||||
| CVE-2025-33020 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-11 | N/A | 7.5 HIGH |
| IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information. | |||||
| CVE-2025-52082 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-08-11 | N/A | N/A |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter. | |||||
| CVE-2025-52080 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-08-11 | N/A | N/A |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter. | |||||
| CVE-2025-5495 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-08-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. | |||||
| CVE-2025-5990 | 1 Craftycontrol | 1 Crafty Controller | 2025-08-11 | N/A | 5.4 MEDIUM |
| An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input. | |||||
| CVE-2025-1411 | 1 Ibm | 1 Security Verify Directory | 2025-08-11 | N/A | 7.8 HIGH |
| IBM Security Verify Directory Container 10.0.0.0 through 10.0.3.1 could allow a local user to execute commands as root due to execution with unnecessary privileges. | |||||
| CVE-2025-32797 | 1 Anaconda | 1 Conda-build | 2025-08-11 | N/A | 7.0 HIGH |
| Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, The write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window. | |||||
| CVE-2025-3515 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-11 | N/A | 9.8 CRITICAL |
| The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter. | |||||
| CVE-2025-4655 | 2025-08-11 | N/A | N/A | ||
| SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs. | |||||
| CVE-2025-8765 | 2025-08-11 | N/A | 3.5 LOW | ||
| A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2012-10037 | 2025-08-11 | N/A | N/A | ||
| PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required. | |||||