Total
305889 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2233 | 1 Samsung | 1 Smartthings | 2025-08-08 | N/A |
| Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615. | ||||
| CVE-2024-8402 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 3.7 Low |
| An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code. | ||||
| CVE-2025-0652 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 4.3 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only. | ||||
| CVE-2025-1257 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 6.5 Medium |
| An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs. | ||||
| CVE-2025-2837 | 1 Silabs | 1 Gecko Os | 2025-08-08 | N/A |
| Silicon Labs Gecko OS HTTP Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23245. | ||||
| CVE-2025-2838 | 1 Silabs | 1 Gecko Os | 2025-08-08 | N/A |
| Silicon Labs Gecko OS DNS Response Processing Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DNS responses. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23392. | ||||
| CVE-2025-45512 | 1 Denx | 1 U-boot | 2025-08-07 | 6.5 Medium |
| A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution. | ||||
| CVE-2025-2028 | 1 Checkpoint | 2 Check Point, Management Log Server | 2025-08-07 | 6.5 Medium |
| Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs | ||||
| CVE-2024-52885 | 1 Checkpoint | 2 Check Point, Mobile Access Portal Agent | 2025-08-07 | 5 Medium |
| The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway. | ||||
| CVE-2025-29865 | 1 Tagfree | 1 X Free Uploader | 2025-08-07 | N/A |
| : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035. | ||||
| CVE-2025-54798 | 1 Raszi | 1 Node-tmp | 2025-08-07 | 2.5 Low |
| tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4. | ||||
| CVE-2025-29866 | 1 Tagfree | 1 X Free Uploader | 2025-08-07 | N/A |
| : External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows : Parameter Injection.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035. | ||||
| CVE-2025-8533 | 1 Flexibits | 1 Fantastical | 2025-08-07 | N/A |
| A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16. | ||||
| CVE-2025-47907 | 1 Golang | 1 Database Sql | 2025-08-07 | 7 High |
| Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error. | ||||
| CVE-2025-54564 | 1 Chargepoint | 1 Home Flex | 2025-08-07 | 7.8 High |
| uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as the nobody user. | ||||
| CVE-2025-8697 | 2025-08-07 | 6.3 Medium | ||
| A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50740 | 2025-08-07 | 6.1 Medium | ||
| AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross site scripting (xss) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID. | ||||
| CVE-2024-55399 | 2025-08-07 | 6.5 Medium | ||
| 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). | ||||
| CVE-2024-55398 | 2025-08-07 | 6.5 Medium | ||
| 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. | ||||
| CVE-2024-55402 | 2025-08-07 | 5.3 Medium | ||
| 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. | ||||