Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8028 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | N/A |
| On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | |||||
| CVE-2025-8027 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | N/A |
| On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | |||||
| CVE-2025-54298 | 2025-07-28 | N/A | N/A | ||
| A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. | |||||
| CVE-2025-43023 | 2025-07-28 | N/A | N/A | ||
| A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). | |||||
| CVE-2025-54299 | 2025-07-28 | N/A | N/A | ||
| A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered. | |||||
| CVE-2020-15778 | 3 Broadcom, Netapp, Openbsd | 10 Fabric Operating System, A700s, A700s Firmware and 7 more | 2025-07-28 | 6.8 MEDIUM | 7.4 HIGH |
| scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | |||||
| CVE-2025-54450 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
| CVE-2024-45777 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2025-07-28 | N/A | N/A |
| A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections. | |||||
| CVE-2025-54449 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
| CVE-2025-54455 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
| CVE-2025-54454 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | 9.8 CRITICAL |
| Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
| CVE-2025-0686 | 1 Gnu | 1 Grub2 | 2025-07-28 | N/A | 6.4 MEDIUM |
| A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections. | |||||
| CVE-2025-0685 | 1 Gnu | 1 Grub2 | 2025-07-28 | N/A | 6.4 MEDIUM |
| A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. | |||||
| CVE-2025-0684 | 1 Gnu | 1 Grub2 | 2025-07-28 | N/A | 6.4 MEDIUM |
| A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections. | |||||
| CVE-2025-54527 | 2025-07-28 | N/A | N/A | ||
| In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions | |||||
| CVE-2025-25214 | 1 Wwbn | 1 Avideo | 2025-07-28 | N/A | 7.5 HIGH |
| A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution. | |||||
| CVE-2025-51088 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-07-28 | N/A | N/A |
| Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow. | |||||
| CVE-2023-50677 | 1 Netgear | 2 Dgnd4000, Dgnd4000 Firmware | 2025-07-28 | N/A | N/A |
| An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. | |||||
| CVE-2025-51089 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-07-28 | N/A | N/A |
| Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow. | |||||
| CVE-2025-51087 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2025-07-28 | N/A | N/A |
| Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. | |||||