Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41185 | 1 Unified-automation | 1 Uagateway | 2025-08-08 | N/A | 7.5 HIGH |
| Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353. | |||||
| CVE-2024-2877 | 1 Hashicorp | 1 Vault | 2025-08-08 | N/A | 5.5 MEDIUM |
| Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. | |||||
| CVE-2023-50228 | 1 Parallels | 1 Parallels Desktop | 2025-08-08 | N/A | N/A |
| Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-21817. | |||||
| CVE-2023-50227 | 1 Parallels | 1 Parallels Desktop | 2025-08-08 | N/A | N/A |
| Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the hypervisor. . Was ZDI-CAN-21260. | |||||
| CVE-2023-50226 | 1 Parallels | 1 Parallels Desktop | 2025-08-08 | N/A | N/A |
| Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to move arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-21227. | |||||
| CVE-2022-43654 | 1 Netgear | 4 Cax30, Cax30 Firmware, Cax30s and 1 more | 2025-08-08 | N/A | N/A |
| NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227. | |||||
| CVE-2023-41183 | 1 Netgear | 2 Rbr760, Rbr760 Firmware | 2025-08-08 | N/A | N/A |
| NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524. | |||||
| CVE-2024-7803 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS. | |||||
| CVE-2024-12093 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | N/A |
| An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions. | |||||
| CVE-2021-34975 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2025-08-08 | N/A | N/A |
| Foxit PDF Reader transitionToState Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of the transitionToState method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15218. | |||||
| CVE-2025-4979 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | |||||
| CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | |||||
| CVE-2025-2254 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks. | |||||
| CVE-2025-1763 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | N/A |
| An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | |||||
| CVE-2025-1516 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service. | |||||
| CVE-2025-1478 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 7.5 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. | |||||
| CVE-2023-44437 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | N/A |
| Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21540. | |||||
| CVE-2024-3717 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-08 | N/A | 7.5 HIGH |
| The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form. | |||||
| CVE-2025-4439 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks. | |||||
| CVE-2025-0765 | 1 Gitlab | 1 Gitlab | 2025-08-08 | N/A | N/A |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses. | |||||