Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36607 | 1 Dell | 1 Unity Operating Environment | 2025-08-15 | N/A | N/A |
| Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges. | |||||
| CVE-2025-51390 | 1 Totolink | 2 N600r, N600r Firmware | 2025-08-15 | N/A | N/A |
| TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function. | |||||
| CVE-2025-50592 | 1 Seacms | 1 Seacms | 2025-08-15 | N/A | N/A |
| Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. | |||||
| CVE-2025-52237 | 1 Sscms | 1 Sscms | 2025-08-15 | N/A | N/A |
| An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal. | |||||
| CVE-2025-21018 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | N/A |
| Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. | |||||
| CVE-2025-21017 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 6.7 MEDIUM |
| Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | |||||
| CVE-2025-21019 | 1 Samsung | 1 Health | 2025-08-15 | N/A | N/A |
| Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-21020 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 6.7 MEDIUM |
| Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | |||||
| CVE-2025-21021 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 6.7 MEDIUM |
| Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | |||||
| CVE-2025-49559 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 5.3 MEDIUM |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-49557 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 5.4 MEDIUM |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. | |||||
| CVE-2025-49558 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 5.9 MEDIUM |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-49556 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction, and scope is unchanged. | |||||
| CVE-2025-49555 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 8.1 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege escalation. A high-privileged attacker could trick a victim into executing unintended actions on a web application where the victim is authenticated, potentially allowing unauthorized access or modification of sensitive data. Exploitation of this issue requires user interaction in that a victim must visit a malicious website or click on a crafted link. Scope is changed. | |||||
| CVE-2025-49554 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-08-15 | N/A | 7.5 HIGH |
| Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-5046 | 2025-08-15 | N/A | 7.8 HIGH | ||
| A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2025-54989 | 2025-08-15 | N/A | N/A | ||
| Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from client. It leads to NULL pointer dereference and DoS. This issue has been patched in versions 3.0.13, 4.0.6, and 5.0.3. | |||||
| CVE-2022-29376 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2025-08-15 | 6.5 MEDIUM | 8.8 HIGH |
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2025-8876 | 1 N-able | 1 N-central | 2025-08-15 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1. | |||||
| CVE-2025-5048 | 2025-08-15 | N/A | 7.8 HIGH | ||
| A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||