Total: 304758 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-52577 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | N/A |
A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at least user-level privileges. Certain input parameters are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |||||
CVE-2025-48891 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | N/A |
A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at least user-level privileges, potentially leading to information disclosure or a denial-of-service condition. | |||||
CVE-2025-46704 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | N/A |
A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least user-level privileges. A specific parameter is not properly sanitized or normalized, potentially allowing an attacker to determine the existence of arbitrary files on the server. | |||||
CVE-2025-41442 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | N/A |
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | |||||
CVE-2025-53475 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | N/A |
A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters in this function are not properly sanitized, allowing an attacker to perform SQL injection and potentially execute code in the context of the 'nt authority\local service' account. | |||||
CVE-2025-53519 | 1 Advantech | 1 Iview | 2025-07-23 | N/A | N/A |
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosure or other malicious activities. | |||||
CVE-2024-10234 | 1 Redhat | 2 Build Of Keycloak, Jboss Enterprise Application Platform | 2025-07-23 | N/A | 7.3 HIGH |
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server. | |||||
CVE-2025-7427 | | | 2025-07-23 | N/A | N/A |
Uncontrolled Search Path Element in Arm Development Studio before 2025 may allow an attacker to perform a DLL hijacking attack. Successful exploitation could lead to local arbitrary code execution in the context of the user running Arm Development Studio. | |||||
CVE-2025-7035 | 1 Davidlingren | 1 Media Library Assistant | 2025-07-23 | N/A | 5.4 MEDIUM |
The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mla_tag_cloud and mla_term_list shortcodes in all versions up to, and including, 3.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2025-3631 | 1 Ibm | 1 Mq Appliance | 2025-07-23 | N/A | 7.5 HIGH |
An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it. | |||||
CVE-2025-36104 | 1 Ibm | 1 Storage Scale | 2025-07-23 | N/A | 6.5 MEDIUM |
IBM Storage Scale 5.2.3.0 and 5.2.3.1 could allow an authenticated user to obtain sensitive information from files due to the insecure permissions inherited through the SMB protocol. | |||||
CVE-2025-36090 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | N/A | 5.3 MEDIUM |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. | |||||
CVE-2024-39752 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | N/A | 9.8 CRITICAL |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can use this weakness to upload malicious executable files into the system, which can then be sent to a victim to perform further attacks. | |||||
CVE-2024-38327 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | N/A | 9.8 CRITICAL |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. | |||||
CVE-2024-37524 | 1 Ibm | 1 Analytics Content Hub | 2025-07-23 | N/A | 5.3 MEDIUM |
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | |||||
CVE-2025-47988 | 1 Microsoft | 1 Azure Monitor Agent | 2025-07-23 | N/A | 7.5 HIGH |
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | |||||
CVE-2025-47178 | 1 Microsoft | 1 Configuration Manager 2503 | 2025-07-23 | N/A | 8.0 HIGH |
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | |||||
CVE-2025-54309 | 1 Crushftp | 1 Crushftp | 2025-07-23 | N/A | 9.8 CRITICAL |
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. | |||||
CVE-2025-20257 | 1 Cisco | 1 Secure Network Analytics | 2025-07-23 | N/A | 6.5 MEDIUM |
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. This vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls with crafted input. A successful exploit could allow the attacker to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device. | |||||
CVE-2025-35966 | | | 2025-07-23 | N/A | N/A |
A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability. |