Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27068 | 1 Qualcomm | 32 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6900 and 29 more | 2025-08-18 | N/A | 7.8 HIGH |
| Memory corruption while processing an IOCTL command with an arbitrary address. | |||||
| CVE-2025-47324 | 1 Qualcomm | 2 Qca7005, Qca7005 Firmware | 2025-08-18 | N/A | 7.5 HIGH |
| Information disclosure while accessing and modifying the PIB file of a remote device via powerline. | |||||
| CVE-2025-27075 | 1 Qualcomm | 72 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 69 more | 2025-08-18 | N/A | 7.8 HIGH |
| Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host. | |||||
| CVE-2025-55674 | 1 Apache | 1 Superset | 2025-08-18 | N/A | 6.5 MEDIUM |
| A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue. | |||||
| CVE-2024-45674 | 1 Ibm | 3 Security Verify Bridge Directory Sync, Security Verify Gateway For Radius, Security Verify Gateway For Windows Login | 2025-08-18 | N/A | N/A |
| IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files that could be read by a local user. | |||||
| CVE-2025-25206 | 1 Elabftw | 1 Elabftw | 2025-08-18 | N/A | 8.8 HIGH |
| eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. This could lead to privilege escalation if cookies are enabled (default setting). Users must upgrade to eLabFTW version 5.1.15 to receive a fix. No known workarounds are available. | |||||
| CVE-2025-26603 | 2 Netapp, Vim | 2 Hci Compute Node, Vim | 2025-08-18 | N/A | N/A |
| Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2025-0159 | 1 Ibm | 1 Storage Virtualize | 2025-08-18 | N/A | 9.1 CRITICAL |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. | |||||
| CVE-2025-20051 | 1 Mattermost | 1 Mattermost Server | 2025-08-18 | N/A | 6.5 MEDIUM |
| Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards. | |||||
| CVE-2025-55675 | 1 Apache | 1 Superset | 2025-08-18 | N/A | 6.5 MEDIUM |
| Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure. This issue affects Apache Superset: before 5.0.0. Users are recommended to upgrade to version 5.0.0, which fixes the issue. | |||||
| CVE-2025-0160 | 1 Ibm | 1 Storage Virtualize | 2025-08-18 | N/A | 9.8 CRITICAL |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service. | |||||
| CVE-2024-54179 | 1 Ibm | 1 Business Automation Workflow | 2025-08-18 | N/A | 5.4 MEDIUM |
| IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-27423 | 2 Netapp, Vim | 2 Hci Compute Node, Vim | 2025-08-18 | N/A | N/A |
| Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164 | |||||
| CVE-2025-26484 | 1 Dell | 1 Cloudlink | 2025-08-18 | N/A | 4.9 MEDIUM |
| Dell CloudLink, versions 8.0 through 8.1.1, contains an Improper Restriction of XML External Entity Reference vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | |||||
| CVE-2025-2000 | 1 Ibm | 1 Qiskit | 2025-08-18 | N/A | N/A |
| A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. | |||||
| CVE-2024-27256 | 1 Ibm | 2 Mq Operator, Supplied Mq Advanced Container Images | 2025-08-18 | N/A | 7.5 HIGH |
| IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-8356 | 1 Xerox | 1 Freeflow Core | 2025-08-18 | N/A | N/A |
| In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. | |||||
| CVE-2024-56477 | 1 Ibm | 1 Power Hardware Management Console | 2025-08-18 | N/A | 6.5 MEDIUM |
| IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2024-55904 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-18 | N/A | 7.2 HIGH |
| IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | |||||
| CVE-2025-36612 | 1 Dell | 1 Supportassist For Business Pcs | 2025-08-18 | N/A | 7.8 HIGH |
| SupportAssist for Business PCs, version(s) 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | |||||