Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6204 | 2025-08-04 | N/A | N/A | ||
| An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. | |||||
| CVE-2025-41691 | 2025-08-04 | N/A | 7.5 HIGH | ||
| An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service (DoS) condition. | |||||
| CVE-2025-41659 | 2025-08-04 | N/A | 8.3 HIGH | ||
| A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. | |||||
| CVE-2025-41658 | 2025-08-04 | N/A | 5.5 MEDIUM | ||
| CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions. | |||||
| CVE-2025-54962 | 2025-08-04 | N/A | N/A | ||
| /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. | |||||
| CVE-2025-46059 | 2025-08-04 | N/A | N/A | ||
| langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application via a crafted email message. NOTE: this is disputed by the Supplier because the code-execution issue was introduced by user-written code that does not adhere to the LangChain security practices. | |||||
| CVE-2025-54956 | 2025-08-03 | N/A | N/A | ||
| The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request. | |||||
| CVE-2025-8513 | 2025-08-03 | N/A | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, was found in Caixin News App 8.0.1 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.caixin.news. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13972 | 2025-08-03 | N/A | N/A | ||
| A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. | |||||
| CVE-2025-8506 | 2025-08-03 | N/A | 3.5 LOW | ||
| A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | |||||
| CVE-2025-8220 | 2025-08-03 | N/A | N/A | ||
| A vulnerability classified as critical has been found in Engeman Web up to 12.0.0.1. Affected is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cookie leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-52132 | 2025-08-03 | N/A | N/A | ||
| The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page. | |||||
| CVE-2025-52131 | 2025-08-03 | N/A | N/A | ||
| The Mocca Calendar application before 2.15 for XWiki allows XSS via the background or text color field. | |||||
| CVE-2025-52133 | 2025-08-03 | N/A | N/A | ||
| The Mocca Calendar application before 2.15 for XWiki allows XSS via a title upon calendar import. | |||||
| CVE-2025-23284 | 2025-08-02 | N/A | N/A | ||
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. | |||||
| CVE-2023-32255 | 2025-08-02 | N/A | 5.3 MEDIUM | ||
| A flaw was found in the Linux kernel's ksmbd component. A memory leak can occur if a client sends a session setup request with an unknown NTLMSSP message type, potentially leading to resource exhaustion. | |||||
| CVE-2023-32253 | 2025-08-02 | N/A | 5.9 MEDIUM | ||
| A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a denial of service. | |||||
| CVE-2025-23290 | 2025-08-02 | N/A | N/A | ||
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure. | |||||
| CVE-2025-23285 | 2025-08-02 | N/A | N/A | ||
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2025-23287 | 2025-08-02 | N/A | N/A | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure. | |||||