Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54940 | 2025-08-08 | N/A | N/A | ||
| An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered. | |||||
| CVE-2025-54958 | 2025-08-08 | N/A | N/A | ||
| Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product. | |||||
| CVE-2025-54959 | 2025-08-08 | N/A | N/A | ||
| Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vulnerability is exploited, an arbitrary file in the affected product may be disclosed. | |||||
| CVE-2024-58257 | 2025-08-08 | N/A | N/A | ||
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | |||||
| CVE-2024-58256 | 2025-08-08 | N/A | N/A | ||
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | |||||
| CVE-2024-58255 | 2025-08-08 | N/A | N/A | ||
| EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | |||||
| CVE-2024-49354 | 1 Ibm | 1 Concert | 2025-08-08 | N/A | 7.5 HIGH |
| IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. | |||||
| CVE-2024-47106 | 1 Ibm | 1 Jazz For Service Management | 2025-08-08 | N/A | 7.5 HIGH |
| IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system. | |||||
| CVE-2025-0682 | 1 Themerex | 1 Addons | 2025-08-08 | N/A | 8.8 HIGH |
| The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | |||||
| CVE-2025-22763 | 1 Brizy | 1 Brizy | 2025-08-08 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Brizy Pro allows Reflected XSS. This issue affects Brizy Pro: from n/a through 2.6.1. | |||||
| CVE-2024-31308 | 1 Vjinfotech | 1 Wp Import Export Lite | 2025-08-08 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26. | |||||
| CVE-2024-20429 | 1 Cisco | 7 Asyncos, Secure Email Gateway C195, Secure Email Gateway C395 and 4 more | 2025-08-08 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials. | |||||
| CVE-2024-20435 | 1 Cisco | 8 Asyncos, Secure Web Appliance S196, Secure Web Appliance S396 and 5 more | 2025-08-08 | N/A | 7.8 HIGH |
| A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. | |||||
| CVE-2024-5969 | 1 Coderevolution | 1 Aiomatic | 2025-08-08 | N/A | 5.3 MEDIUM |
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | |||||
| CVE-2023-46175 | 1 Ibm | 1 Cloud Pak For Multicloud Management Monitoring | 2025-08-08 | N/A | 4.9 MEDIUM |
| IBM Cloud Pak for Multicloud Management 2.3 through 2.3 FP8 stores user credentials in a log file plain clear text which can be read by a privileged user. | |||||
| CVE-2024-7594 | 1 Hashicorp | 1 Vault | 2025-08-08 | N/A | 8.8 HIGH |
| Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15. | |||||
| CVE-2024-9029 | 1 Freeimage Project | 1 Freeimage | 2025-08-08 | N/A | N/A |
| A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service. | |||||
| CVE-2023-47726 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2025-08-08 | N/A | 8.8 HIGH |
| IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087. | |||||
| CVE-2025-2024 | 1 Trimble | 1 Sketchup | 2025-08-08 | N/A | N/A |
| Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25210. | |||||
| CVE-2025-2233 | 1 Samsung | 1 Smartthings | 2025-08-08 | N/A | N/A |
| Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615. | |||||