Total: 301246 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-51596 | 2 Bluez, Redhat | 2 Bluez, Enterprise Linux | 2025-07-08 | 7.1 High |
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939. | ||||
CVE-2025-47966 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | 9.8 Critical |
Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network. | ||||
CVE-2025-29817 | 1 Microsoft | 1 Power Automate For Desktop | 2025-07-08 | 5.7 Medium |
Uncontrolled search path element in Power Automate allows an authorized attacker to disclose information over a network. | ||||
CVE-2024-49563 | 1 Dell | 1 Unity Operating Environment | 2025-07-08 | 7.8 High |
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges and elevation of privileges. | ||||
CVE-2025-29825 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | 6.5 Medium |
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2024-12766 | 1 Lollms | 1 Lollms Web Ui | 2025-07-08 | N/A |
parisneo/lollms-webui version V13 (feather) suffers from a Server-Side Request Forgery (SSRF) vulnerability in the `POST /api/proxy` REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized web resources by specifying the JSON parameter `{"url":"http://steal.target"}`. Existing security mechanisms such as `forbid_remote_access(lollmsElfServer)`, `lollmsElfServer.config.headless_server_mode`, and `check_access(lollmsElfServer, request.client_id)` do not protect against this vulnerability. | ||||
CVE-2025-29834 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | 7.5 High |
Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
CVE-2025-33065 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33063 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33062 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33061 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33060 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33059 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33058 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-33055 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-32720 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-32719 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-08 | 5.5 Medium |
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | ||||
CVE-2025-45938 | | | 2025-07-08 | 5.4 Medium |
Akeles Out of Office Assistant for Jira 4.0.1 is vulnerable to Cross-Site Scripting (XSS) via the Jira fullName parameter. | ||||
CVE-2025-6926 | | | 2025-07-08 | 8.8 High |
Improper Authentication vulnerability in Wikimedia Foundation Mediawiki - CentralAuth Extension allows authentication bypass. This issue affects Mediawiki - CentralAuth Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. | ||||
CVE-2025-53489 | | | 2025-07-08 | 5.6 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - GoogleDocs4MW Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2. |