Total
306467 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57727 | 1 Jetbrains | 1 Intellij Idea | 2025-08-21 | 4.7 Medium |
| In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference | ||||
| CVE-2025-40741 | 1 Siemens | 1 Solid Edge | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-57791 | 1 Commvault | 2 Commcell, Commvault | 2025-08-21 | 6.5 Medium |
| An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation. Successful exploitation results in a valid user session for a low privilege role. | ||||
| CVE-2025-40740 | 1 Siemens | 1 Solid Edge | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-40739 | 1 Siemens | 1 Solid Edge | 2025-08-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2025-57790 | 1 Commvault | 2 Commcell, Commvault | 2025-08-21 | 8.8 High |
| An issue was discovered in Commvault before 11.36.60. A security vulnerability has been identified that allows remote attackers to perform unauthorized file system access through a path traversal issue. The vulnerability may lead to remote code execution. | ||||
| CVE-2025-57789 | 1 Commvault | 2 Commcell, Commvault | 2025-08-21 | 5.4 Medium |
| An issue was discovered in Commvault before 11.36.60. During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. | ||||
| CVE-2024-4813 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument name leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-263934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-28447 | 1 Szlbt | 2 Lbt-t300-mini1, Lbt-t300-mini1 Firmware | 2025-08-21 | 6.5 Medium |
| Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi. | ||||
| CVE-2025-57703 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Reflected Cross-site Scripting | ||||
| CVE-2024-4814 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57702 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Reflected Cross-site Scripting | ||||
| CVE-2025-57701 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Reflected Cross-site Scripting | ||||
| CVE-2024-4815 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240506. Affected by this issue is some unknown functionality of the file /view/bugSolve/viewData/detail.php. The manipulation of the argument filename leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263936. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57700 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaenergie | 2025-08-21 | 6.1 Medium |
| DIAEnergie - Stored Cross-site Scripting | ||||
| CVE-2025-57788 | 1 Commvault | 2 Commcell, Commvault | 2025-08-21 | 6.5 Medium |
| An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. | ||||
| CVE-2024-4816 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2025-08-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55503 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 7.3 High |
| Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. | ||||
| CVE-2025-55483 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2025-08-21 | 7.5 High |
| Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. | ||||
| CVE-2025-51488 | 1 Moonshine | 1 Moonshine | 2025-08-21 | 4.9 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin. | ||||