Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-55401 | 2025-08-07 | N/A | N/A | ||
| An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal. | |||||
| CVE-2025-55137 | 2025-08-07 | N/A | N/A | ||
| LinkJoin through 882f196 mishandles lacks type checking in password reset. | |||||
| CVE-2025-55136 | 2025-08-07 | N/A | N/A | ||
| ERC (aka Emotion Recognition in Conversation) through 0.3 has insecure deserialization via a serialized object because jsonpickle is used. | |||||
| CVE-2025-51629 | 2025-08-07 | N/A | N/A | ||
| A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter. | |||||
| CVE-2025-51533 | 2025-08-07 | N/A | N/A | ||
| An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request. | |||||
| CVE-2025-34149 | 2025-08-07 | N/A | N/A | ||
| A command injection vulnerability affects the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) during WPA2 configuration. The 'key' parameter is interpreted directly by the system shell, enabling attackers to execute arbitrary commands as root. Exploitation requires no authentication and can be triggered during wireless setup. | |||||
| CVE-2025-8697 | 2025-08-07 | N/A | 6.3 MEDIUM | ||
| A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8698 | 2025-08-07 | N/A | 3.3 LOW | ||
| A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF Service. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The name of the patch is 66bc558e417e70ae216ec155e4e81c14ae0ecf30. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-55138 | 2025-08-07 | N/A | N/A | ||
| LinkJoin through 882f196 mishandles token ownership in password reset. | |||||
| CVE-2025-55077 | 2025-08-07 | N/A | N/A | ||
| Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01. | |||||
| CVE-2025-34148 | 2025-08-07 | N/A | N/A | ||
| An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). When configuring the device in WISP mode, the 'ssid' parameter is passed unsanitized to system-level scripts. This allows remote attackers within Wi-Fi range to inject arbitrary shell commands that execute as root, resulting in full device compromise. | |||||
| CVE-2025-34150 | 2025-08-07 | N/A | N/A | ||
| The PPPoE configuration interface of the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) is vulnerable to command injection via the 'user' parameter. Input is processed unsafely during network setup, allowing attackers to execute arbitrary system commands with root privileges. | |||||
| CVE-2025-34151 | 2025-08-07 | N/A | N/A | ||
| A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed directly to system-level commands without sanitation, enabling unauthenticated attackers to achieve root-level code execution. | |||||
| CVE-2025-8194 | 2025-08-07 | N/A | N/A | ||
| There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. This vulnerability can be mitigated by including the following patch after importing the “tarfile” module: https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1 | |||||
| CVE-2022-3109 | 3 Debian, Fedoraproject, Ffmpeg | 3 Debian Linux, Fedora, Ffmpeg | 2025-08-07 | N/A | 7.5 HIGH |
| An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. | |||||
| CVE-2022-3341 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-08-07 | N/A | 5.3 MEDIUM |
| A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | |||||
| CVE-2024-10455 | 1 D3tn | 1 Ud3tn | 2025-08-07 | N/A | N/A |
| Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block | |||||
| CVE-2024-31409 | 1 Cyberpower | 1 Powerpanel | 2025-08-07 | N/A | 7.5 HIGH |
| Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device. | |||||
| CVE-2024-1039 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2025-08-07 | N/A | 9.8 CRITICAL |
| Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device. | |||||
| CVE-2024-1040 | 1 Gesslergmbh | 2 Web-master, Web-master Firmware | 2025-08-07 | N/A | 4.4 MEDIUM |
| Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device. | |||||