Total
306439 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8309 | 2025-08-21 | 8.1 High | ||
| There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940. | ||||
| CVE-2023-43826 | 1 Apache | 1 Guacamole | 2025-08-21 | 0 Low |
| Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | ||||
| CVE-2025-9074 | 2025-08-21 | N/A | ||
| A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop. | ||||
| CVE-2025-57732 | 2025-08-21 | 7.5 High | ||
| In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership | ||||
| CVE-2025-57729 | 2025-08-21 | 6.5 Medium | ||
| In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start | ||||
| CVE-2025-57790 | 2025-08-21 | N/A | ||
| An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution. | ||||
| CVE-2025-57789 | 2025-08-21 | N/A | ||
| An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. | ||||
| CVE-2025-9132 | 2025-08-21 | 8.8 High | ||
| Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-9187 | 2025-08-21 | 9.8 Critical | ||
| Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. | ||||
| CVE-2025-48757 | 2025-08-21 | 9.3 Critical | ||
| An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites. NOTE: this is disputed by the Supplier because each individual customer of the Lovable platform accepts a responsibility over protecting the data of their application. | ||||
| CVE-2025-6199 | 2 Gnome, Redhat | 2 Gdkpixbuf, Enterprise Linux | 2025-08-21 | 3.3 Low |
| A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. | ||||
| CVE-2025-5318 | 2 Libssh, Redhat | 4 Libssh, Enterprise Linux, Openshift and 1 more | 2025-08-21 | 5.4 Medium |
| A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior. | ||||
| CVE-2025-47712 | 2 Nbdkit Project, Redhat | 4 Nbdkit, Advanced Virtualization, Enterprise Linux and 1 more | 2025-08-21 | 4.3 Medium |
| A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service. | ||||
| CVE-2024-34449 | 1 B3log | 1 Vditor | 2025-08-21 | 6.1 Medium |
| Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true. | ||||
| CVE-2025-48978 | 2025-08-21 | N/A | ||
| An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later. | ||||
| CVE-2025-27217 | 2025-08-21 | N/A | ||
| A Server-Side Request Forgery (SSRF) in the UISP Application may allow a malicious actor with certain permissions to make requests outside of UISP Application scope. | ||||
| CVE-2025-27216 | 2025-08-21 | N/A | ||
| Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. | ||||
| CVE-2025-27215 | 2025-08-21 | N/A | ||
| An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast (Version 1.10.3 and earlier) UniFi Connect Display Cast Pro (Version 1.0.89 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect Display Cast to Version 1.10.7 or later Update UniFi Connect Display Cast Pro to Version 1.0.94 or later Update UniFi Connect Display Cast Lite to Version 1.1.8 or later | ||||
| CVE-2025-27214 | 2025-08-21 | N/A | ||
| A Missing Authentication for Critical Function vulnerability in the UniFi Connect EV Station Pro may allow a malicious actor with physical or adjacent access to perform an unauthorized factory reset. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later | ||||
| CVE-2025-27213 | 2025-08-21 | N/A | ||
| An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro (Version 1.5.18 and earlier) UniFi Connect Display (Version 1.9.324 and earlier) UniFi Connect Display Cast (Version 1.9.301 and earlier) UniFi Connect Display Cast Pro (Version 1.0.78 and earlier) UniFi Connect Display Cast Lite (Version 1.0.3 and earlier) Mitigation: Update UniFi Connect EV Station Pro to Version 1.5.27 or later Update UniFi Connect Display to Version 1.13.6 or later Update UniFi Connect Display Cast to Version 1.10.3 or later Update UniFi Connect Display Cast Pro to Version 1.0.83 or later Update UniFi Connect Display Cast Lite to Version 1.1.3 or later | ||||