Filtered by CWE-20
Total 12595 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-27388 1 Oppo 1 Health App 2025-08-16 N/A
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.
CVE-2025-8963 1 Jeecg 1 Jimureport 2025-08-16 6.3 Medium
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".
CVE-2025-7507 1 Wordpress 1 Wordpress 2025-08-16 6.4 Medium
The elink – Embed Content plugin for WordPress is vulnerable to Malicious Redirect in all versions up to, and including, 1.1.0. This is due to the plugin not restricting URLS that can be supplied through the elink shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to supply an HTML file that can be leverged to redirect users to a malicious domain.
CVE-2024-20495 1 Cisco 3 Adaptive Security Appliance Software, Firepower Threat Defense, Firepower Threat Defense Software 2025-08-15 8.6 High
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of client key data after the TLS session is established. An attacker could exploit this vulnerability by sending a crafted key value to an affected system over the secure TLS session. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CVE-2025-3885 1 Samsung 2 Harman Mgu21, Harman Mgu21 Firmware 2025-08-15 6.5 Medium
Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.
CVE-2025-49554 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-08-15 7.5 High
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing the application to crash or become unresponsive. Exploitation of this issue does not require user interaction.
CVE-2025-8876 1 N-able 1 N-central 2025-08-15 8.8 High
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
CVE-2025-7971 1 Rockwellautomation 1 Studio 5000 Logix Designer 2025-08-15 N/A
A security issues exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; However, it may be possible to execute malicious code without triggering a crash.
CVE-2021-27923 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Enterprise Linux and 1 more 2025-08-15 7.5 High
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
CVE-2021-27922 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Enterprise Linux and 1 more 2025-08-15 7.5 High
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27921 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Enterprise Linux and 1 more 2025-08-15 7.5 High
Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2025-32004 1 Intel 2 Edger8r Tool, Sgx Sdk 2025-08-15 3.9 Low
Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-44779 1 Ollama 1 Ollama 2025-08-14 6.6 Medium
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.
CVE-2025-48913 1 Apache 1 Cxf 2025-08-14 9.8 Critical
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
CVE-2024-22338 1 Ibm 1 Security Verify Access Oidc Provider 2025-08-14 4 Medium
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.
CVE-2025-4424 1 Insyde 1 Insydeh2o 2025-08-14 6 Medium
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home
CVE-2025-4277 1 Insyde 1 Insydeh2o 2025-08-14 7.5 High
Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
CVE-2025-4276 1 Insyde 1 Insydeh2o 2025-08-14 7.5 High
UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.
CVE-2025-4410 1 Insyde 1 Insydeh2o 2025-08-14 7.5 High
A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code.
CVE-2025-21086 2 Intel, Linux 2 Ethernet 700 Series Software, Linux Kernel 2025-08-14 7.5 High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege.