Total
32153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2713 | 1 Google | 1 Gvisor | 2025-08-13 | 7.8 High |
| Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork. | ||||
| CVE-2025-2867 | 1 Gitlab | 1 Gitlab | 2025-08-13 | 4.4 Medium |
| An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. | ||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2025-08-13 | 8.8 High |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | ||||
| CVE-2024-12619 | 1 Gitlab | 1 Gitlab | 2025-08-13 | 5.2 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. | ||||
| CVE-2023-27334 | 1 Softing | 4 Edgeaggregator, Edgeconnector, Opc Ua C\+\+ Software Development Kit and 1 more | 2025-08-13 | N/A |
| Softing edgeConnector Siemens ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20498. | ||||
| CVE-2025-21010 | 1 Samsung | 2 Android, Samsung Account App | 2025-08-12 | 6 Medium |
| Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. | ||||
| CVE-2025-20990 | 1 Samsung | 4 Android, Mobile, Samsung Mobile and 1 more | 2025-08-12 | 4 Medium |
| Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. | ||||
| CVE-2025-54611 | 1 Huawei | 3 Appgallery, Emui, Harmonyos | 2025-08-12 | 7.3 High |
| EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-2938 | 1 Gitlab | 1 Gitlab | 2025-08-12 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants. | ||||
| CVE-2025-53186 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | 5.9 Medium |
| Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-53178 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | 4.8 Medium |
| Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units. | ||||
| CVE-2025-53177 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | 3.9 Low |
| Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches. | ||||
| CVE-2025-53168 | 1 Huawei | 1 Harmonyos | 2025-08-12 | 5.7 Medium |
| Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness. | ||||
| CVE-2025-5982 | 1 Gitlab | 1 Gitlab | 2025-08-12 | 3.7 Low |
| An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2024-52903 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2025-08-12 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2025-8279 | 1 Gitlab | 2 Gitlab-language-server, Language Server | 2025-08-11 | 8.7 High |
| Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution | ||||
| CVE-2025-49591 | 1 Xwiki | 1 Cryptpad | 2025-08-11 | 9.1 Critical |
| CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0. | ||||
| CVE-2021-1425 | 1 Cisco | 10 Asyncos, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M195 and 7 more | 2025-08-11 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-33065 | 1 Qualcomm | 81 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 78 more | 2025-08-11 | 8.4 High |
| Memory corruption while taking snapshot when an offset variable is set by camera driver. | ||||
| CVE-2024-21453 | 1 Qualcomm | 26 C-v2x 9150, C-v2x 9150 Firmware, Qcs410 and 23 more | 2025-08-11 | 7.5 High |
| Transient DOS while decoding message of size that exceeds the available system memory. | ||||