Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1240 | 1 Winzip | 1 Winzip | 2025-08-18 | N/A | 8.8 HIGH |
| WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24986. | |||||
| CVE-2025-36613 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2025-08-18 | N/A | 7.8 HIGH |
| SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access. | |||||
| CVE-2024-37526 | 1 Ibm | 2 Data Virtualization On Cloud Pak For Data, Watson Query With Cloud Pak For Data | 2025-08-18 | N/A | 6.5 MEDIUM |
| IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization 1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism. | |||||
| CVE-2025-38738 | 1 Dell | 1 Supportassist For Home Pcs | 2025-08-18 | N/A | 7.8 HIGH |
| SupportAssist for Home PCs Installer exe version(s) 4.8.2.29006 and prior, contain(s) an Incorrect Privilege Assignment vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. | |||||
| CVE-2024-38320 | 6 Apple, Hp, Ibm and 3 more | 8 Macos, Hp-ux, Aix and 5 more | 2025-08-18 | N/A | 7.5 HIGH |
| IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client 8.1.0.0 through 8.1.23.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2025-33142 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-08-18 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. | |||||
| CVE-2023-46187 | 1 Ibm | 1 Infosphere Master Data Management | 2025-08-18 | N/A | 5.4 MEDIUM |
| IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-51457 | 1 Ibm | 1 Robotic Process Automation For Cloud Pak | 2025-08-18 | N/A | 5.4 MEDIUM |
| IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2023-38009 | 3 Apple, Google, Ibm | 3 Iphone Os, Android, Cognos Analytics | 2025-08-18 | N/A | 5.9 MEDIUM |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | |||||
| CVE-2024-49824 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-08-18 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. | |||||
| CVE-2024-47113 | 1 Ibm | 1 Voice Gateway | 2025-08-18 | N/A | 9.1 CRITICAL |
| IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document. | |||||
| CVE-2024-45652 | 1 Ibm | 1 Maximo Asset Management | 2025-08-18 | N/A | 7.5 HIGH |
| IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2025-36047 | 4 Apple, Ibm, Linux and 1 more | 7 Macos, Aix, I and 4 more | 2025-08-18 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. | |||||
| CVE-2025-22937 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | N/A |
| An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. | |||||
| CVE-2025-8517 | 2025-08-18 | N/A | N/A | ||
| A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component. | |||||
| CVE-2017-20199 | 2025-08-18 | N/A | N/A | ||
| A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality. The manipulation results in improper access controls. The attack may be performed from a remote location. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been made public and could be used. Upgrading to version 1.0.1 addresses this issue. The patch is identified as 89. Upgrading the affected component is recommended. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-22941 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | N/A |
| A command injection vulnerability in the web interface of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||
| CVE-2025-8943 | 2025-08-18 | N/A | N/A | ||
| The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication unless explicitly configured. This combination allows unauthenticated network attackers to execute unsandboxed OS commands. | |||||
| CVE-2023-33202 | 1 Bouncycastle | 2 Bouncy Castle For Java, Fips Java Api | 2025-08-18 | N/A | 5.5 MEDIUM |
| Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.) | |||||
| CVE-2025-22939 | 1 Adtran | 2 411, 411 Firmware | 2025-08-18 | N/A | N/A |
| A command injection vulnerability in the telnet service of Adtran 411 ONT L80.00.0011.M2 allows attackers to escalate privileges to root and execute arbitrary commands. | |||||