Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54788 | 1 Salesagility | 1 Suitecrm | 2025-08-14 | N/A | N/A |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on confidentiality, integrity, and availability, as database data can be retrieved, modified, or removed entirely. This issue is fixed in version 7.14.7. | |||||
| CVE-2024-52680 | 1 Eyoucms | 1 Eyoucms | 2025-08-14 | N/A | N/A |
| EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. | |||||
| CVE-2025-50952 | 1 Uclouvain | 1 Openjpeg | 2025-08-14 | N/A | N/A |
| openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c. | |||||
| CVE-2024-56339 | 1 Ibm | 1 Websphere Application Server | 2025-08-14 | N/A | 7.5 HIGH |
| IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. | |||||
| CVE-2025-44779 | 1 Ollama | 1 Ollama | 2025-08-14 | N/A | N/A |
| An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull. | |||||
| CVE-2025-7054 | 1 Cloudflare | 1 Quiche | 2025-08-14 | N/A | 6.5 MEDIUM |
| Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs that are used by the remote peer to populate the Destination Connection ID field in packets sent from remote to local. Each Connection ID has a sequence number to ensure synchronization between peers. An unauthenticated remote attacker can exploit this vulnerability by first completing a handshake and then sending a specially-crafted set of frames that trigger a connection ID retirement in the victim. When the victim attempts to send a packet containing RETIRE_CONNECTION_ID frames, Section 19.16 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-19.6 requires that the sequence number of the retired connection ID must not be the same as the sequence number of the connection ID used by the packet. In other words, a packet cannot contain a frame that retires itself. In scenarios such as path migration, it is possible for there to be multiple active paths with different active connection IDs that could be used to retire each other. The exploit triggered an unintentional behaviour of a quiche design feature that supports retirement across paths while maintaining full connection ID synchronization, leading to an infinite loop.This issue affects quiche: from 0.15.0 before 0.24.5. | |||||
| CVE-2025-50692 | 1 Foxcms | 1 Foxcms | 2025-08-14 | N/A | N/A |
| FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html. | |||||
| CVE-2025-48913 | 1 Apache | 1 Cxf | 2025-08-14 | N/A | N/A |
| If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. | |||||
| CVE-2023-38264 | 1 Ibm | 1 Java Software Development Kit | 2025-08-14 | N/A | 7.5 HIGH |
| The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578. | |||||
| CVE-2023-43040 | 1 Ibm | 1 Storage Fusion Hci | 2025-08-14 | N/A | 9.8 CRITICAL |
| IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807. | |||||
| CVE-2023-51636 | 1 Avira | 1 Avira Prime | 2025-08-14 | N/A | N/A |
| Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21600. | |||||
| CVE-2023-51637 | 1 Santesoft | 1 Sante Pacs Server | 2025-08-14 | N/A | N/A |
| Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the DICOM service, which listens on TCP port 11122 by default. When parsing the NAME element of the PATIENT record, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21579. | |||||
| CVE-2024-4454 | 2 Microsoft, Withsecure | 5 Windows, Client Security, Elements Endpoint Protection and 2 more | 2025-08-14 | N/A | 7.8 HIGH |
| WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. | |||||
| CVE-2024-10383 | 1 Gitlab | 1 Gitlab | 2025-08-14 | N/A | 6.1 MEDIUM |
| An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE | |||||
| CVE-2024-51461 | 1 Ibm | 1 Qradar Wincollect | 2025-08-14 | N/A | 6.5 MEDIUM |
| IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources. | |||||
| CVE-2024-37312 | 1 Nextcloud | 1 User Oidc | 2025-08-14 | N/A | 6.3 MEDIUM |
| user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user backend is upgraded to 3.0.0 (Nextcloud 20-23), 4.0.0 (Nexcloud 24) or 5.0.0 (Nextcloud 25-28). | |||||
| CVE-2024-22338 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2025-08-14 | N/A | 5.5 MEDIUM |
| IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978. | |||||
| CVE-2025-1998 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 5.5 MEDIUM |
| IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user. | |||||
| CVE-2025-1997 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-08-14 | N/A | 4.6 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | |||||
| CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor | 2025-08-14 | N/A | 4.1 MEDIUM |
| IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||