Total
304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-8752 | | | 2025-08-11 | N/A | N/A |
A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
CVE-2025-8750 | | | 2025-08-11 | N/A | N/A |
A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2022-43652 | 1 Bentley | 1 View | 2025-08-11 | N/A | 5.5 MEDIUM |
Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18981. | |||||
CVE-2022-43651 | 1 Bentley | 1 View | 2025-08-11 | N/A | N/A |
Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18960. | |||||
CVE-2022-43653 | 1 Bentley | 1 View | 2025-08-11 | N/A | N/A |
Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084. | |||||
CVE-2022-43655 | 1 Bentley | 1 View | 2025-08-11 | N/A | N/A |
Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18491. | |||||
CVE-2025-51532 | | | 2025-08-11 | N/A | N/A |
Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025. | |||||
CVE-2024-27499 | 1 Webkul | 1 Bagisto | 2025-08-11 | N/A | N/A |
Bagisto v1.5.1 is vulnerable to cross-site scripting (XSS) via PNG file upload in the product review option. | |||||
CVE-2025-51531 | | | 2025-08-11 | N/A | N/A |
A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025. | |||||
CVE-2025-38213 | | | 2025-08-11 | N/A | N/A |
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
CVE-2024-48729 | | | 2025-08-11 | N/A | N/A |
An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component. | |||||
CVE-2022-50031 | | | 2025-08-11 | N/A | N/A |
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
CVE-2025-54642 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 5.5 MEDIUM |
Issue of buffer overflow caused by insufficient data verification in the kernel gyroscope module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-54641 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 5.5 MEDIUM |
Issue of buffer overflow caused by insufficient data verification in the kernel acceleration module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-54637 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 5.5 MEDIUM |
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-54638 | 1 Huawei | 1 Harmonyos | 2025-08-11 | N/A | N/A |
Issue of inconsistent read/write serialization in the ad module. Impact: Successful exploitation of this vulnerability may affect the availability of the ad service. | |||||
CVE-2025-54636 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-11 | N/A | 5.5 MEDIUM |
Issue of buffer overflow caused by insufficient data verification in the kernel drop detection module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-54635 | 1 Huawei | 1 Harmonyos | 2025-08-11 | N/A | 7.5 HIGH |
Vulnerability of returning released pointers in the distributed notification service. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
CVE-2025-54633 | 1 Huawei | 1 Harmonyos | 2025-08-11 | N/A | 4.4 MEDIUM |
Out-of-bounds read vulnerability in the register configuration of the DMA module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2025-54634 | 1 Huawei | 1 Harmonyos | 2025-08-11 | N/A | 5.5 MEDIUM |
Vulnerability of improper processing of abnormal conditions in huge page separation. Impact: Successful exploitation of this vulnerability may affect availability. |