Filtered by NVD-CWE-Other
Total 29612 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-21673 1 Qualcomm 326 Aqt1000, Aqt1000 Firmware, Ar8035 and 323 more 2025-08-11 8.7 High
Improper Access to the VM resource manager can lead to Memory Corruption.
CVE-2023-43536 1 Qualcomm 618 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 615 more 2025-08-11 7.5 High
Transient DOS while parse fils IE with length equal to 1.
CVE-2024-49842 1 Qualcomm 358 Aqt1000, Aqt1000 Firmware, Ar8035 and 355 more 2025-08-11 7.8 High
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions.
CVE-2025-8258 2 Cool Mo, Coolmo 2 Maigcal Number App, Maigcal Number 2025-08-07 5.3 Medium
A vulnerability, which was classified as problematic, has been found in Cool Mo Maigcal Number App up to 1.0.3 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.sdmagic.number. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-5349 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-08-06 8.8 High
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
CVE-2024-20271 1 Cisco 14 Business 140ac, Business 140ac Access Point, Business 141acm and 11 more 2025-08-06 8.6 High
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain IPv4 packets. An attacker could exploit this vulnerability by sending a crafted IPv4 packet either to or through an affected device. A successful exploit could allow the attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To successfully exploit this vulnerability, the attacker does not need to be associated with the affected AP. This vulnerability cannot be exploited by sending IPv6 packets.
CVE-2025-8257 3 Google, Lobby Universe, Lobbyuniverse 3 Android, Lobby App, Lobby 2025-07-31 5.3 Medium
A vulnerability classified as problematic was found in Lobby Universe Lobby App up to 2.8.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.maverick.lobby. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-8210 2 Google, Yeelink 3 Android, Yeelight, Yeelight App 2025-07-31 5.3 Medium
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8207 3 Canara, Canarabank, Google 3 Ai1 Mobile Banking App, Ai1, Android 2025-07-31 5.3 Medium
A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8261 1 Vaelsys 1 Vaelsys 2025-07-31 7.3 High
A vulnerability was found in Vaelsys 4.1.0 and classified as critical. This issue affects some unknown processing of the file /grid/vgrid_server.php of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8204 1 Comodo 1 Dragon 2025-07-31 3.1 Low
A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-23752 1 Joomla 1 Joomla\! 2025-07-31 5.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVE-2024-12387 1 Binary-husky 1 Gpt Academic 2025-07-31 N/A
A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.
CVE-2024-58136 1 Yiiframework 1 Yii 2025-07-30 9 Critical
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
CVE-2021-25297 1 Nagios 1 Nagios Xi 2025-07-30 8.8 High
Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.
CVE-2022-27926 1 Zimbra 1 Collaboration 2025-07-30 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
CVE-2018-1273 3 Apache, Oracle, Pivotal Software 4 Ignite, Financial Services Crime And Compliance Management Studio, Spring Data Commons and 1 more 2025-07-30 9.8 Critical
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
CVE-2025-49138 1 Psu 1 Haxcms-php 2025-07-30 6.5 Medium
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
CVE-2012-4969 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server and 3 more 2025-07-30 8.1 High
Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
CVE-2014-9163 5 Adobe, Apple, Linux and 2 more 5 Flash Player, Mac Os X, Linux Kernel and 2 more 2025-07-30 9.8 Critical
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.