Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-40766 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-08-15 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack. | |||||
| CVE-2025-49745 | 1 Microsoft | 1 Dynamics 365 | 2025-08-15 | N/A | 5.4 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-53728 | 1 Microsoft | 1 Dynamics 365 | 2025-08-15 | N/A | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-53723 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-15 | N/A | 7.8 HIGH |
| Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-49755 | 1 Microsoft | 1 Edge | 2025-08-15 | N/A | 4.3 MEDIUM |
| User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-49751 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-15 | N/A | 6.8 MEDIUM |
| Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | |||||
| CVE-2025-49743 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-15 | N/A | 6.7 MEDIUM |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-48807 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-15 | N/A | 7.5 HIGH |
| Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | |||||
| CVE-2025-49712 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-49736 | 1 Microsoft | 1 Edge | 2025-08-15 | N/A | 4.3 MEDIUM |
| The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2024-52304 | 1 Aiohttp | 1 Aiohttp | 2025-08-15 | N/A | 7.5 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue. | |||||
| CVE-2024-41779 | 1 Ibm | 1 Engineering Systems Design Rhapsody | 2025-08-15 | N/A | 8.1 HIGH |
| IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | |||||
| CVE-2024-41781 | 1 Ibm | 9 Power System E950, Power System E980, Power System H922 and 6 more | 2025-08-15 | N/A | 5.9 MEDIUM |
| IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. | |||||
| CVE-2024-6233 | 1 Checkpoint | 1 Zonealarm Extreme Security | 2025-08-15 | N/A | N/A |
| Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677. | |||||
| CVE-2024-6260 | 1 Malwarebytes | 1 Antimalware | 2025-08-15 | N/A | 7.8 HIGH |
| Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321. | |||||
| CVE-2025-53759 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-08-15 | N/A | 7.8 HIGH |
| Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-53741 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-15 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-51965 | 2025-08-15 | N/A | N/A | ||
| OURPHP thru 8.6.1 is vulnerable to Cross-Site Scripting (XSS) via the "Name" field of the "Complete Profile" functionality under the "My User Center" page, which can be accessed after registering through the front-end interface. | |||||
| CVE-2025-9060 | 2025-08-15 | N/A | N/A | ||
| A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above. | |||||
| CVE-2025-8362 | 2025-08-15 | N/A | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. | |||||