Total
305322 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52187 | 1 Getprojects | 1 Create School Management System | 2025-08-06 | 8.2 High |
| GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php. | ||||
| CVE-2025-8454 | 1 Debian | 1 Devscripts | 2025-08-06 | 9.8 Critical |
| It was discovered that uscan, a tool to scan/watch upstream sources for new releases of software, included in devscripts (a collection of scripts to make the life of a Debian Package maintainer easier), skips OpenPGP verification if the upstream source is already downloaded from a previous run even if the verification failed back then. | ||||
| CVE-2025-51954 | 1 Electronhub | 1 Ai Playground | 2025-08-06 | 6.1 Medium |
| playground.electronhub.ai v1.1.9 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2025-4674 | 1 Gotoolchain | 1 Cmd/go | 2025-08-06 | 8.6 High |
| The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected. | ||||
| CVE-2025-43276 | 1 Apple | 2 Macos, Macos Sequoia | 2025-08-06 | 5.3 Medium |
| A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time. | ||||
| CVE-2012-10034 | 1 Clansphere | 1 Clansphere | 2025-08-06 | N/A |
| ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks. | ||||
| CVE-2012-10033 | 1 Angstrom Distribution | 1 Narcissus | 2025-08-06 | N/A |
| Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context. | ||||
| CVE-2012-10029 | 1 Nagios | 3 Nagios, Nagios Xi, Xi | 2025-08-06 | N/A |
| Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters such as `host`, resulting in remote code execution. | ||||
| CVE-2025-2611 | 1 Ict Innovations | 1 Ictbroadcast | 2025-08-06 | N/A |
| The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable. | ||||
| CVE-2024-28883 | 1 F5 | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Big-ip Apm | 2025-08-06 | 7.4 High |
| An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-6297 | 1 Debian | 1 Dpkg | 2025-08-06 | 8.2 High |
| It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. | ||||
| CVE-2015-0849 | 1 Debian | 1 Pycode-browser | 2025-08-06 | 3.9 Low |
| pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. | ||||
| CVE-2025-5040 | 1 Autodesk | 1 Revit | 2025-08-06 | 7.8 High |
| A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-5037 | 1 Autodesk | 1 Revit | 2025-08-06 | 7.8 High |
| A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-5036 | 1 Autodesk | 1 Revit | 2025-08-06 | 7.8 High |
| A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2015-0843 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | ||||
| CVE-2015-0842 | 1 Debian | 1 Yubiserver | 2025-08-06 | 9.8 Critical |
| yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. | ||||
| CVE-2025-20120 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2025-08-06 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2024-2467 | 1 Redhat | 2 Enterprise Linux, Openssl | 2025-08-06 | 5.9 Medium |
| A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. | ||||
| CVE-2024-20374 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2025-08-06 | 6.5 Medium |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficient input validation of certain HTTP request parameters that are sent to the web-based management interface. An attacker could exploit this vulnerability by authenticating to the Cisco FMC web-based management interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute commands as the root user on the affected device. To exploit this vulnerability, an attacker would need Administrator-level credentials. | ||||