Total
302293 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20930 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. | ||||
| CVE-2025-20931 | 1 Samsung | 1 Notes | 2025-07-16 | 7.3 High |
| Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. | ||||
| CVE-2025-20932 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory. | ||||
| CVE-2025-20933 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory. | ||||
| CVE-2025-27867 | 1 Apache | 1 Felix Http Webconsole Plugin | 2025-07-16 | 5.6 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: from Version 1.X through 1.2.0. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | ||||
| CVE-2025-31072 | 2025-07-16 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme allows Reflected XSS. This issue affects Ofiz - WordPress Business Consulting Theme: from n/a through 2.0. | ||||
| CVE-2024-10296 | 1 Phpgurukul | 1 Medical Card Generation System | 2025-07-16 | 4.7 Medium |
| A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-56474 | 2 Ibm, Linux | 3 Aix, Txseries For Multiplatforms, Linux Kernel | 2025-07-16 | 4.3 Medium |
| IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2024-28168 | 1 Apache | 2 Formatting Objects Processor, Xml Graphics Fop | 2025-07-16 | 7.5 High |
| Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue. | ||||
| CVE-2025-20916 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in reading string of SPen in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | ||||
| CVE-2025-49840 | 2025-07-16 | N/A | ||
| GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in inference_webui.py. The GPT_dropdown variable takes user input and passes it to the change_gpt_weights function. In change_gpt_weights, the user input, here gpt_path is used to load a model with torch.load, leading to unsafe deserialization. At time of publication, no known patched versions are available. | ||||
| CVE-2025-20281 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2025-07-16 | 10 Critical |
| A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device. | ||||
| CVE-2025-20917 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in applying binary of pdf content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | ||||
| CVE-2025-20918 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in applying extra data of base content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | ||||
| CVE-2025-20919 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in applying binary of video content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | ||||
| CVE-2025-20920 | 1 Samsung | 1 Notes | 2025-07-16 | 5.5 Medium |
| Out-of-bounds read in action link data in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | ||||
| CVE-2025-6511 | 1 Netgear | 2 Ex6150, Ex6150 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6510 | 1 Netgear | 2 Ex6100, Ex6100 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6158 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6094 | 1 Qianfox | 1 Foxcms | 2025-07-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in qianfox FoxCMS up to 1.2.5. This issue affects the function batchCope of the file app/admin/controller/Download.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||