Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-51824 | 1 Libcsp | 1 Libcsp | 2025-08-14 | N/A | N/A |
| libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() function at drivers/usart/zephyr.c. | |||||
| CVE-2023-44442 | 1 Gimp | 1 Gimp | 2025-08-14 | N/A | N/A |
| GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094. | |||||
| CVE-2025-8355 | 1 Xerox | 1 Freeflow Core | 2025-08-14 | N/A | 7.5 HIGH |
| In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF). | |||||
| CVE-2023-44443 | 1 Gimp | 1 Gimp | 2025-08-14 | N/A | N/A |
| GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22096. | |||||
| CVE-2024-8176 | 2025-08-14 | N/A | N/A | ||
| A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. | |||||
| CVE-2025-55346 | 2025-08-14 | N/A | N/A | ||
| User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. | |||||
| CVE-2025-45768 | 2025-08-14 | N/A | N/A | ||
| pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement). | |||||
| CVE-2022-29362 | 1 Zkea | 1 Zkeacms | 2025-08-14 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. | |||||
| CVE-2023-44444 | 1 Gimp | 1 Gimp | 2025-08-14 | N/A | N/A |
| GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22097. | |||||
| CVE-2025-52239 | 1 Zkea | 1 Zkeacms | 2025-08-14 | N/A | N/A |
| An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2025-44964 | 1 Bluestacks | 1 Bluestacks | 2025-08-14 | N/A | N/A |
| A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information. | |||||
| CVE-2025-50706 | 1 Thinkphp | 1 Thinkphp | 2025-08-14 | N/A | N/A |
| An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function | |||||
| CVE-2025-50707 | 1 Thinkphp | 1 Thinkphp | 2025-08-14 | N/A | N/A |
| An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component | |||||
| CVE-2023-44451 | 1 Linuxmint | 1 Xreader | 2025-08-14 | N/A | 7.8 HIGH |
| Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897. | |||||
| CVE-2023-44452 | 1 Linuxmint | 1 Xreader | 2025-08-14 | N/A | 7.8 HIGH |
| Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132. | |||||
| CVE-2023-50197 | 1 Intel | 1 Driver \& Support Assistant | 2025-08-14 | N/A | N/A |
| Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSA Service. By creating a symbolic link, an attacker can abuse the service to write a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21845. | |||||
| CVE-2025-2760 | 1 Gimp | 1 Gimp | 2025-08-14 | N/A | 7.8 HIGH |
| GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082. | |||||
| CVE-2025-2761 | 1 Gimp | 1 Gimp | 2025-08-14 | N/A | 7.8 HIGH |
| GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25100. | |||||
| CVE-2025-5748 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A | N/A |
| WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349. | |||||
| CVE-2025-5747 | 1 Wolfbox | 2 Level 2 Ev Charger, Level 2 Ev Charger Firmware | 2025-08-14 | N/A | N/A |
| WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501. | |||||