Export limit exceeded: 15865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (328764 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37110 | 1 Hpe | 1 Telco Network Function Virtual Orchestrator | 2025-08-04 | 6 Medium |
| A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information. | ||||
| CVE-2025-37108 | 1 Hpe | 1 Telco Service Activator | 2025-08-04 | 3.5 Low |
| Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product | ||||
| CVE-2023-32251 | 1 Redhat | 1 Enterprise Linux | 2025-08-04 | 3.7 Low |
| A vulnerability has been identified in the Linux kernel's ksmbd component (kernel SMB/CIFS server). A security control designed to prevent dictionary attacks, which introduces a 5-second delay during session setup, can be bypassed through the use of asynchronous requests. This bypass negates the intended anti-brute-force protection, potentially allowing attackers to conduct dictionary attacks more efficiently against user credentials or other authentication mechanisms. | ||||
| CVE-2025-23289 | 1 Nvidia | 1 Omniverse Launcher | 2025-08-04 | 5.5 Medium |
| NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files through proxy servers. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-0825 | 1 Yhirose | 1 Cpp-httplib | 2025-08-04 | 5.3 Medium |
| cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more. | ||||
| CVE-2025-50460 | 1 Modelscope | 1 Ms Swift | 2025-08-04 | 9.8 Critical |
| A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load() from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --run_config parameter, arbitrary code can be executed during deserialization. This can lead to full system compromise. The vulnerability is triggered when a malicious YAML file is loaded, allowing the execution of arbitrary Python commands such as os.system(). It is recommended to upgrade PyYAML to version 5.4 or higher, and to use yaml.safe_load() to mitigate the issue. | ||||
| CVE-2025-54595 | 2025-08-04 | 7.3 High | ||
| Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2. | ||||
| CVE-2025-23286 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-04 | 4.4 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-6228 | 2 Shaosina, Wordpress | 2 Sina Extension For Elementor, Wordpress | 2025-08-04 | 6.4 Medium |
| The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data Table Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Sina Posts`, `Sina Blog Post` and `Sina Table` widgets in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-54593 | 1 Freshrss | 1 Freshrss | 2025-08-04 | 7.2 High |
| FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code, user data including hashed passwords can be exfiltrated, the instance can be defaced when file permissions allow. Malicious code can be inserted into the instance to steal plaintext passwords, among others. This is fixed in version 1.26.2. | ||||
| CVE-2025-54590 | 2025-08-04 | N/A | ||
| webfinger.js is a TypeScript-based WebFinger client that runs in both browsers and Node.js environments. In versions 2.8.0 and below, the lookup function accepts user addresses for account checking. However, the ActivityPub specification requires preventing access to localhost services in production. This library does not prevent localhost access, only checking for hosts that start with "localhost" and end with a port. Users can exploit this by creating servers that send GET requests with controlled host, path, and port parameters to query services on the instance's host or local network, enabling blind SSRF attacks. This is fixed in version 2.8.1. | ||||
| CVE-2025-50868 | 2025-08-04 | 6.5 Medium | ||
| A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries. | ||||
| CVE-2025-49832 | 1 Asterisk | 1 Asterisk | 2025-08-04 | 6.5 Medium |
| Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1. | ||||
| CVE-2025-4684 | 2025-08-04 | 6.4 Medium | ||
| The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of Image Carousel and Image Slider widgets in all versions up to, and including, 3.2.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23285 | 1 Nvidia | 1 Virtual Gpu Manager | 2025-08-04 | 5.5 Medium |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-23290 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu Manager | 2025-08-04 | 2.5 Low |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2025-23278 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-04 | 7.1 High |
| NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service. | ||||
| CVE-2025-8317 | 1 Wordpress | 1 Wordpress | 2025-08-04 | 6.4 Medium |
| The Custom Word Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘angle’ parameter in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-23288 | 1 Nvidia | 1 Gpu Display Driver | 2025-08-04 | 3.3 Low |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of this vulnerability may lead to Information disclosure. | ||||
| CVE-2013-10046 | 2025-08-04 | N/A | ||
| A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service. | ||||