Total
305314 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54229 | 2025-08-13 | 7.8 High | ||
| Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-54791 | 2025-08-13 | 5.3 Medium | ||
| OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. | ||||
| CVE-2025-55005 | 2025-08-13 | 5.5 Medium | ||
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. This issue has been patched in version 7.1.2-1. | ||||
| CVE-2025-51452 | 2025-08-13 | N/A | ||
| In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-51691 | 2025-08-13 | N/A | ||
| Cross-Site Scripting (XSS) vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 (May 2025) allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before rendering it. Successful exploitation could lead to session hijacking, credential theft, or arbitrary client-side code execution in the context of the victim's browser. | ||||
| CVE-2025-52585 | 2025-08-13 | 7.5 High | ||
| When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-50612 | 2025-08-13 | N/A | ||
| A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | ||||
| CVE-2025-50613 | 2025-08-13 | N/A | ||
| A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | ||||
| CVE-2025-53719 | 2025-08-13 | 5.7 Medium | ||
| Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-53721 | 2025-08-13 | 7 High | ||
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53724 | 2025-08-13 | 7.8 High | ||
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53729 | 2025-08-13 | 7.8 High | ||
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-53740 | 2025-08-13 | 8.4 High | ||
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-50608 | 2025-08-13 | N/A | ||
| A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | ||||
| CVE-2025-51451 | 2025-08-13 | N/A | ||
| In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | ||||
| CVE-2025-50594 | 2025-08-13 | N/A | ||
| An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password. | ||||
| CVE-2024-40588 | 1 Fortinet | 4 Forticamera, Fortimail, Fortirecorder and 1 more | 2025-08-13 | 4.2 Medium |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4, FortiCamera & FortiNDR version 7.6.0 and before 7.4.6 may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. | ||||
| CVE-2024-52964 | 1 Fortinet | 1 Fortimanager | 2025-08-13 | 5.2 Medium |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests. | ||||
| CVE-2025-2181 | 2025-08-13 | N/A | ||
| A sensitive information disclosure vulnerability in Palo Alto Networks Checkov by Prisma® Cloud can result in the cleartext exposure of Prisma Cloud access keys in Checkov's output. | ||||
| CVE-2025-2182 | 1 Palo Alto Networks | 1 Pan-os | 2025-08-13 | N/A |
| A problem with the implementation of the MACsec protocol in Palo Alto Networks PAN-OS® results in the cleartext exposure of the connectivity association key (CAK). This issue is only applicable to PA-7500 Series devices which are in an NGFW cluster. A user who possesses this key can read messages being sent between devices in a NGFW Cluster. There is no impact in non-clustered firewalls or clusters of firewalls that do not enable MACsec. | ||||