Total
304198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8437 | 1 Code-projects | 1 Kitchen Treasure | 2025-08-05 | 7.3 High |
| A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8442 | 1 Code-projects | 1 Online Medicine Guide | 2025-08-05 | 7.3 High |
| A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cussignup.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8443 | 1 Code-projects | 1 Online Medicine Guide | 2025-08-05 | 7.3 High |
| A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8441 | 1 Code-projects | 1 Online Medicine Guide | 2025-08-05 | 7.3 High |
| A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-40600 | 1 Sonicwall | 1 Sonicos | 2025-08-05 | 9.8 Critical |
| Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. | ||||
| CVE-2025-23287 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-05 | 3.3 Low |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disclosure. | ||||
| CVE-2025-55014 | 1 Stardict | 1 Stardict | 2025-08-05 | 4.7 Medium |
| The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. | ||||
| CVE-2025-46093 | 1 Liquidfiles | 1 Liquidfiles | 2025-08-05 | 9.9 Critical |
| LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration. | ||||
| CVE-2025-50422 | 1 Freedesktop | 1 Poppler | 2025-08-05 | 6.5 Medium |
| An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump. | ||||
| CVE-2025-8341 | 1 Grafana | 2 Grafana, Infinity Datasource | 2025-08-05 | 5 Medium |
| Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1. | ||||
| CVE-2025-20696 | 1 Mediatek | 32 Mt6739, Mt6761, Mt6765 and 29 more | 2025-08-05 | 6.8 Medium |
| In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801. | ||||
| CVE-2025-53395 | 1 Macrium | 1 Reflect | 2025-08-05 | 7.7 High |
| Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx file, Reflect loads the attacker's VSSSvr.dll after the mount completes. This occurs because of untrusted DLL search path behavior in ReflectMonitor.exe. | ||||
| CVE-2025-53394 | 1 Macrium | 1 Reflect | 2025-08-05 | 7.7 High |
| Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and proceeds to mount it, Reflect launches the renamed executable (e.g., explorer.exe), which is under attacker control. This occurs because of insufficient validation of companion files referenced during backup mounting. | ||||
| CVE-2025-46094 | 1 Liquidfiles | 1 Liquidfiles | 2025-08-05 | 3.8 Low |
| LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript. | ||||
| CVE-2025-46206 | 1 Artifex | 1 Mupdf | 2025-08-05 | 7.5 High |
| An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion | ||||
| CVE-2024-45183 | 1 Samsung | 7 Exynos 1280, Exynos 1330, Exynos 1380 and 4 more | 2025-08-05 | 6.5 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write. | ||||
| CVE-2025-8551 | 2025-08-05 | 3.5 Low | ||
| A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-0932 | 1 Arm | 3 5th Gen Gpu Architecture Userspace Driver, Bifrost Gpu Userspace Driver, Valhall Gpu Userspace Driver | 2025-08-05 | N/A |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to perform valid GPU processing operations, including via WebGL or WebGPU, to gain access to already freed memory.This issue affects Bifrost GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Userspace Driver: from r48p0 through r49p3, from r50p0 through r54p0. | ||||
| CVE-2025-8515 | 1 Intelbras | 1 Incontrol | 2025-08-05 | 3.1 Low |
| A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | ||||
| CVE-2025-30099 | 1 Dell | 1 Powerprotect Data Domain | 2025-08-05 | 7.8 High |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges. | ||||