Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8734 | 2025-08-19 | N/A | N/A | ||
| A vulnerability has been found in GNU Bison up to 3.8.2. This impacts the function code_free of the file src/scan-code.c. The manipulation leads to double free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container. | |||||
| CVE-2025-7496 | 2025-08-19 | N/A | 6.4 MEDIUM | ||
| The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-57725 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57720 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-54939 | 2025-08-19 | N/A | N/A | ||
| LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. | |||||
| CVE-2025-57723 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57721 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57718 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57722 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57724 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57717 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2025-57719 | 2025-08-19 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2024-3094 | 1 Tukaani | 1 Xz | 2025-08-19 | N/A | 10.0 CRITICAL |
| Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | |||||
| CVE-2025-54948 | 1 Trendmicro | 1 Apex One | 2025-08-19 | N/A | 9.8 CRITICAL |
| A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | |||||
| CVE-2025-46269 | 2025-08-18 | N/A | N/A | ||
| In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2025-52584 | 2025-08-18 | N/A | N/A | ||
| In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2025-54156 | 2025-08-18 | N/A | N/A | ||
| The Sante PACS Server Web Portal sends credential information without encryption. | |||||
| CVE-2025-53948 | 2025-08-18 | N/A | N/A | ||
| The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required. | |||||
| CVE-2025-54862 | 2025-08-18 | N/A | N/A | ||
| Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. | |||||
| CVE-2025-54759 | 2025-08-18 | N/A | N/A | ||
| Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. | |||||