Total: 29620 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-24008 | 1 Fortinet | 5 Fortiddos, Fortiddos-cm, Fortimail and 2 more | 2025-07-24 | 5 Medium |
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiDDoS version 5.4.0, version 5.3.2 and below, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, version 4.6.0, version 4.5.0, version 4.4.2 and below, FortiDDoS-CM version 5.3.0, version 5.2.0, version 5.1.0, version 5.0.0, version 4.7.0, FortiVoice version 6.0.6 and below, FortiRecorder version 6.0.3 and below and FortiMail version 6.4.1 and below, version 6.2.4 and below, version 6.0.9 and below may allow a remote, unauthenticated attacker to obtain potentially sensitive software-version information by reading a JavaScript file. | ||||
CVE-2025-7021 | 1 Openai | 1 Operator | 2025-07-24 | 6.5 Medium |
Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site. | ||||
CVE-2021-34782 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 4.3 Medium |
A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid device credentials. This vulnerability is due to improper access controls on API endpoints. An attacker could exploit the vulnerability by sending a specific API request to an affected application. A successful exploit could allow the attacker to obtain sensitive information about other users who are configured with higher privileges on the application. | ||||
CVE-2024-23591 | 1 Lenovo | 2 Thinksystem Sr670 V2, Thinksystem Sr670 V2 Firmware | 2025-07-23 | 2 Low |
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode, which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration settings. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue. | ||||
CVE-2024-34517 | 1 Neo4j | 1 Neo4j | 2025-07-23 | 6.5 Medium |
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access. | ||||
CVE-2024-52965 | 1 Fortinet | 2 Fortios, Fortiproxy | 2025-07-22 | 6.8 Medium |
A missing critical step in authentication vulnerability [CWE-304] in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user using api-key + PKI user certificate authentication to log in even if the certificate is invalid. | ||||
CVE-2025-20965 | 1 Samsung | 1 Bixby | 2025-07-18 | 6.2 Medium |
Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data. | ||||
CVE-2025-20896 | 1 Samsung | 1 Easysetup | 2025-07-17 | 4 Medium |
Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information. | ||||
CVE-2025-20895 | 1 Samsung | 1 Galaxy Store | 2025-07-17 | 3.2 Low |
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard. | ||||
CVE-2024-20870 | 1 Samsung | 1 Galaxy Store | 2025-07-17 | 5.1 Medium |
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | ||||
CVE-2025-20950 | 1 Samsung | 1 Notes | 2025-07-17 | 4 Medium |
Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information. | ||||
CVE-2025-20951 | 1 Samsung | 1 Galaxy Store | 2025-07-17 | 5.1 Medium |
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | ||||
CVE-2024-49416 | 1 Samsung | 1 Smartthings | 2025-07-17 | 4 Medium |
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. | ||||
CVE-2024-20850 | 1 Samsung | 1 Samsung Pay | 2025-07-17 | 6.2 Medium |
Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay. | ||||
CVE-2024-20852 | 1 Samsung | 1 Smartthings | 2025-07-17 | 5.9 Medium |
Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. | ||||
CVE-2025-20977 | 2 Samsung, Samsung Mobile | 2 Notes, Samsung Notes | 2025-07-16 | 3.3 Low |
Use of implicit intent for sensitive communication in translation in Samsung Notes prior to version 4.4.29.23 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. | ||||
CVE-2025-20972 | 1 Samsung | 1 Flow | 2025-07-16 | 6.2 Medium |
Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration. | ||||
CVE-2024-35252 | 1 Microsoft | 1 Azure Storage Data Movement Library | 2025-07-16 | 7.5 High |
Azure Storage Movement Client Library Denial of Service Vulnerability | ||||
CVE-2024-30103 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2025-07-16 | 8.8 High |
Microsoft Outlook Remote Code Execution Vulnerability | ||||
CVE-2024-29060 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-16 | 6.7 Medium |
Visual Studio Elevation of Privilege Vulnerability |