Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1040 | 1 Agpt | 1 Autogpt Platform | 2025-08-05 | N/A | 8.8 HIGH |
| AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0. | |||||
| CVE-2023-6605 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-05 | N/A | N/A |
| A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | |||||
| CVE-2025-8367 | 1 Portabilis | 1 I-educar | 2025-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9. This affects an unknown part of the file /intranet/funcionario_vinculo_lst.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8369 | 1 Portabilis | 1 I-educar | 2025-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php. The manipulation of the argument titulo_avaliacao leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8366 | 1 Portabilis | 1 I-educar | 2025-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_lst.php. The manipulation of the argument nome/matricula_servidor leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8365 | 1 Portabilis | 1 I-educar | 2025-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation of the argument nome/nome_social/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8368 | 1 Portabilis | 1 I-educar | 2025-08-05 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Portabilis i-Educar 2.9. This vulnerability affects unknown code of the file /intranet/pesquisa_pessoa_lst.php. The manipulation of the argument campo_busca/cpf leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-10935 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-08-05 | N/A | N/A |
| automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary, leading to excessive resource consumption and a complete denial of service (DoS) for all users. The vulnerability is unauthenticated, meaning no user login or interaction is required for an attacker to exploit this issue. | |||||
| CVE-2024-11044 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-08-05 | N/A | N/A |
| An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This vulnerability can be exploited to conduct phishing attacks, distribute malware, and steal user credentials. | |||||
| CVE-2025-54349 | 1 Iperf Project | 1 Iperf | 2025-08-05 | N/A | 10.0 CRITICAL |
| In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. | |||||
| CVE-2025-54350 | 1 Iperf Project | 1 Iperf | 2025-08-05 | N/A | 5.3 MEDIUM |
| In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. | |||||
| CVE-2025-54351 | 1 Iperf Project | 1 Iperf | 2025-08-05 | N/A | 10.0 CRITICAL |
| In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). | |||||
| CVE-2024-41177 | 1 Apache | 1 Zeppelin | 2025-08-05 | N/A | N/A |
| Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue. | |||||
| CVE-2024-11045 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-08-05 | N/A | N/A |
| A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at ws://127.0.0.1:7860/queue/join, enabling unauthorized actions on the server. This can lead to unauthorized cloning of server extensions, execution of malicious scripts, data exfiltration, and potential denial of service (DoS). | |||||
| CVE-2024-12074 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-08-05 | N/A | N/A |
| A Denial of Service (DoS) vulnerability was discovered in the file upload feature of automatic1111/stable-diffusion-webui version 1.10.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users. This issue can be exploited without authentication, making it highly scalable and increasing the risk of exploitation. | |||||
| CVE-2025-8521 | 2025-08-05 | N/A | N/A | ||
| A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is named b53c7161da606f512b7efcb392d6ffc708688d49/605a70f8729e4d44ebe272671cb1e43e3d6ae014. It is recommended to upgrade the affected component. | |||||
| CVE-2025-8526 | 2025-08-05 | N/A | N/A | ||
| A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8530 | 2025-08-05 | N/A | N/A | ||
| A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml of the component Druid. The manipulation of the argument login-username/login-password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2013-10054 | 2025-08-05 | N/A | N/A | ||
| An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication. | |||||
| CVE-2025-8520 | 2025-08-05 | N/A | N/A | ||
| A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The patch is identified as f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component. | |||||