Total
306755 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51452 | 1 Totolink | 2 A7000r, A7000r Firmware | 2025-08-14 | 9.8 Critical |
| In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-50594 | 2025-08-14 | 9.8 Critical | ||
| An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password. | ||||
| CVE-2025-43982 | 2025-08-14 | 9.8 Critical | ||
| Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI. | ||||
| CVE-2024-39690 | 2 Clastix, Projectcapsule | 2 Capsule, Capsule | 2025-08-14 | 8.5 High |
| Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch. | ||||
| CVE-2025-54705 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 4.3 Medium |
| Missing Authorization vulnerability in magepeopleteam WpEvently allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpEvently: from n/a through 4.4.6. | ||||
| CVE-2025-47479 | 2 Wordpress, Wpcompress | 2 Wordpress, Wp Compress | 2025-08-14 | 5.3 Medium |
| Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30. | ||||
| CVE-2025-7066 | 1 Jirafeau | 1 Jirafeau | 2025-08-14 | 6.1 Medium |
| Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and an other MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would takes precedence, allowing a possible attacker to do a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma. | ||||
| CVE-2025-54706 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor Alam Magical Posts Display allows DOM-Based XSS. This issue affects Magical Posts Display: from n/a through 1.2.52. | ||||
| CVE-2025-6663 | 2 Gstreamer, Gstreamer Project | 2 Gstreamer, Gstreamer | 2025-08-14 | N/A |
| GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H266 sei messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27381. | ||||
| CVE-2025-54707 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF allows SQL Injection. This issue affects MDTF: from n/a through 1.3.3.7. | ||||
| CVE-2011-10017 | 1 Snort | 1 Snort | 2025-08-14 | N/A |
| Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and can result in full compromise of the underlying system. | ||||
| CVE-2025-6810 | 1 Mescius | 1 Activereports.net | 2025-08-14 | N/A |
| Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of the ReadValue method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25246. | ||||
| CVE-2020-25559 | 1 Gnuplot | 1 Gnuplot | 2025-08-14 | 7.8 High |
| gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | ||||
| CVE-2017-9670 | 1 Gnuplot | 1 Gnuplot | 2025-08-14 | N/A |
| An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file. | ||||
| CVE-2020-25969 | 1 Gnuplot | 1 Gnuplot | 2025-08-14 | 9.8 Critical |
| gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). | ||||
| CVE-2025-25172 | 2 Beeteam368, Wordpress | 2 Vidmov, Wordpress | 2025-08-14 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4. | ||||
| CVE-2025-54698 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2025-08-14 | 5.4 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing allows Code Injection. This issue affects Classified Listing: from n/a through 5.0.0. | ||||
| CVE-2025-54700 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4. | ||||
| CVE-2025-6811 | 1 Mescius | 1 Activereports.net | 2025-08-14 | N/A |
| Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the TypeResolutionService class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25397. | ||||
| CVE-2025-23306 | 1 Nvidia | 1 Megatron-lm | 2025-08-14 | 7.8 High |
| NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||