Total
304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-7001 | 1 Gitlab | 1 Gitlab | 2025-07-28 | N/A | 2.7 LOW |
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable. | |||||
CVE-2025-46171 | 1 Vbulletin | 1 Vbulletin | 2025-07-28 | N/A | N/A |
vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive memory, exhausting system resources and crashing the forum. | |||||
CVE-2025-54453 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | 9.8 CRITICAL |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
CVE-2025-54452 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | 9.8 CRITICAL |
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
CVE-2025-54451 | 1 Samsung | 1 Magicinfo 9 Server | 2025-07-28 | N/A | N/A |
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||||
CVE-2025-30065 | 1 Apache | 1 Parquet Java | 2025-07-28 | N/A | 9.8 CRITICAL |
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue. | |||||
CVE-2025-27724 | | | 2025-07-28 | N/A | 9.3 CRITICAL |
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability. | |||||
CVE-2025-53695 | | | 2025-07-28 | N/A | N/A |
OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root' user) to the device firmware. | |||||
CVE-2025-26469 | | | 2025-07-28 | N/A | 9.3 CRITICAL |
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability. | |||||
CVE-2025-32731 | | | 2025-07-28 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
CVE-2025-24485 | | | 2025-07-28 | N/A | 5.8 MEDIUM |
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2025-3891 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2025-07-28 | N/A | N/A |
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. | |||||
CVE-2025-4976 | 1 Gitlab | 1 Gitlab | 2025-07-28 | N/A | 5.3 MEDIUM |
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses. | |||||
CVE-2025-8044 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | N/A |
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird < 141. | |||||
CVE-2025-8043 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | N/A |
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141. | |||||
CVE-2024-1456 | 1 H2o | 1 H2o | 2025-07-28 | N/A | N/A |
An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover. | |||||
CVE-2025-8039 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-07-28 | N/A | N/A |
In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1. | |||||
CVE-2025-48924 | 1 Apache | 1 Commons Lang | 2025-07-28 | N/A | N/A |
Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue. | |||||
CVE-2025-1299 | 1 Gitlab | 1 Gitlab | 2025-07-28 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request. | |||||
CVE-2025-54569 | | | 2025-07-28 | N/A | N/A |
In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. |