Total
305370 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-53734 | 1 Microsoft | 7 365, 365 Apps, Office and 4 more | 2025-08-13 | 7.8 High |
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | ||||
CVE-2025-53723 | 2 Microsoft, Windows | 15 Windows, Windows 10, Windows 10 1507 and 12 more | 2025-08-13 | 7.8 High |
Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49559 | 1 Adobe | 1 Commerce | 2025-08-13 | 5.3 Medium |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to modify limited data. Exploitation of this issue does not require user interaction. | ||||
CVE-2025-49557 | 1 Adobe | 1 Commerce | 2025-08-13 | 8.7 High |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. These scripts may be used to escalate privileges within the application or compromise sensitive user data. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed. | ||||
CVE-2025-48807 | 1 Microsoft | 13 Hyper-v, Server, Windows and 10 more | 2025-08-13 | 7.5 High |
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | ||||
CVE-2025-53726 | 1 Microsoft | 16 Server, Windows, Windows 10 and 13 more | 2025-08-13 | 7.8 High |
Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-49558 | 1 Adobe | 1 Commerce | 2025-08-13 | 5.9 Medium |
Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability by manipulating the timing between the check of a resource's state and its use, allowing unauthorized write access. Exploitation of this issue does not require user interaction. | ||||
CVE-2025-54228 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-08-13 | 5.5 Medium |
InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2025-22838 | 1 Intel | 1 Realsense Software | 2025-08-13 | 6.7 Medium |
Uncontrolled search path for some Intel(R) RealSense(TM) Dynamic Calibrator software before version 2.14.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2025-25256 | 1 Fortinet | 1 Fortisiem | 2025-08-13 | 9.8 Critical |
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. | ||||
CVE-2025-52970 | 1 Fortinet | 1 Fortiweb | 2025-08-13 | 7.7 High |
An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request. | ||||
CVE-2025-50154 | 1 Microsoft | 12 Windows, Windows 10 1507, Windows 10 1607 and 9 more | 2025-08-13 | 7.5 High |
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
CVE-2025-53760 | 1 Microsoft | 3 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2019 | 2025-08-13 | 7.1 High |
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-54191 | 1 Adobe | 1 Substance 3d Painter | 2025-08-13 | 5.5 Medium |
Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2025-53788 | 1 Microsoft | 1 Windows Subsystem For Linux | 2025-08-13 | 7 High |
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-53721 | 1 Microsoft | 12 Server, Windows, Windows 10 1809 and 9 more | 2025-08-13 | 7 High |
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-7384 | 2 Crmperks, Wordpress | 2 Database For Contact Form 7, Wpforms, Elementor Forms, Wordpress | 2025-08-13 | 9.8 Critical |
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain in the Contact Form 7 plugin, which is likely to be used alongside, allows attackers to delete arbitrary files, leading to a denial of service or remote code execution when the wp-config.php file is deleted. | ||||
CVE-2025-0818 | 1 Wordpress | 1 Wordpress | 2025-08-13 | 6.5 Medium |
Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an instance of the file manager available to users. | ||||
CVE-2025-8491 | 2 Nikelschubert, Wordpress | 2 Easy Restaurant Menu Manager Plugin, Wordpress | 2025-08-13 | 4.3 Medium |
The Easy restaurant menu manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the nsc_eprm_save_menu() function. This makes it possible for unauthenticated attackers to upload a menu file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2025-55345 | 1 Openai | 1 Codex | 2025-08-13 | 8.8 High |
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory. |