Total
32215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2217 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2025-07-29 | N/A |
| gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication. | ||||
| CVE-2024-10041 | 2 Linux-pam, Redhat | 3 Linux-pam, Enterprise Linux, Rhel Eus | 2025-07-29 | 4.7 Medium |
| A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | ||||
| CVE-2023-5058 | 1 Phoenix | 1 Securecore Technology | 2025-07-28 | 7.8 High |
| Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | ||||
| CVE-2025-7001 | 1 Gitlab | 1 Gitlab | 2025-07-28 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable. | ||||
| CVE-2025-4976 | 1 Gitlab | 1 Gitlab | 2025-07-28 | 4.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses. | ||||
| CVE-2024-25616 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | 3.7 Low |
| Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. | ||||
| CVE-2024-47662 | 1 Linux | 1 Linux Kernel | 2025-07-28 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and triggering the security violation when DMCUB work times out and diagnostics are collected blocks Z8 entry. [How] Remove the register read from DCN35. | ||||
| CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2025-07-25 | 8.8 High |
| Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | ||||
| CVE-2024-5491 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-25 | 7.5 High |
| Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler | ||||
| CVE-2025-50068 | 1 Oracle | 1 Mysql Cluster | 2025-07-24 | 6.7 Medium |
| Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2010-0425 | 5 Apache, Broadcom, Ibm and 2 more | 6 Http Server, Vmware Ace Management Server, Http Server and 3 more | 2025-07-24 | N/A |
| modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." | ||||
| CVE-2024-22013 | 1 Google | 6 Nest Wifi Point, Nest Wifi Point Firmware, Nest Wifi Pro and 3 more | 2025-07-24 | 5.3 Medium |
| U-Boot environment is read from unauthenticated partition. | ||||
| CVE-2024-47030 | 1 Google | 2 Android, Pixel | 2025-07-24 | 5.1 Medium |
| Android before 2024-10-05 on Google Pixel devices allows information disclosure in the ACPM component, A-315191818. | ||||
| CVE-2024-47031 | 1 Google | 2 Android, Pixel | 2025-07-24 | 7.4 High |
| Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861. | ||||
| CVE-2024-8418 | 2 Containers, Redhat | 3 Aardvark-dns, Enterprise Linux, Openshift | 2025-07-24 | 7.5 High |
| A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. | ||||
| CVE-2022-35768 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2022-30206 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Print Spooler Elevation of Privilege Vulnerability | ||||
| CVE-2022-30165 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-07-24 | 8.8 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2022-29126 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2025-07-24 | 7 High |
| Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | ||||
| CVE-2022-29106 | 1 Microsoft | 4 Windows 10, Windows Server 2016, Windows Server 2019 and 1 more | 2025-07-24 | 7 High |
| Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | ||||