Search
Search Results (333462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29778 | 1 Kyverno | 1 Kyverno | 2025-08-01 | 5.8 Medium |
| Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue. | ||||
| CVE-2024-8551 | 1 Modelscope | 1 Agentscope | 2025-08-01 | 9.1 Critical |
| A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of sensitive information such as configuration files, API keys, and hardcoded passwords. | ||||
| CVE-2024-6839 | 2 Corydolphin, Flask-cors Project | 2 Flask-cors, Flask-cors | 2025-08-01 | 5.3 Medium |
| corydolphin/flask-cors version 4.0.1 contains an improper regex path matching vulnerability. The plugin prioritizes longer regex patterns over more specific ones when matching paths, which can lead to less restrictive CORS policies being applied to sensitive endpoints. This mismatch in regex pattern priority allows unauthorized cross-origin access to sensitive data or functionality, potentially exposing confidential information and increasing the risk of unauthorized actions by malicious actors. | ||||
| CVE-2024-10264 | 1 Youdao | 1 Qanything | 2025-08-01 | 9.8 Critical |
| HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. | ||||
| CVE-2024-12864 | 1 Youdao | 1 Qanything | 2025-08-01 | N/A |
| A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large filename, causing the server to become overwhelmed and unavailable for legitimate users. This attack does not require authentication, making it highly scalable and increasing the risk of exploitation. | ||||
| CVE-2025-54847 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54846 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54845 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54844 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54843 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54842 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54841 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54840 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54839 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54657 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-29360 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29359 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the deviceId parameter at /goform/saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29358 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the firewallEn parameter at /goform/SetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-29357 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the startIp and endIp parameters at /goform/SetPptpServerCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2025-48206 | 1 Nitsantech | 1 Ns-backup | 2025-08-01 | 6.1 Medium |
| The ns_backup extension through 13.0.0 for TYPO3 allows XSS. | ||||