Total
304525 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54652 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 8.4 High |
| Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module. | ||||
| CVE-2025-54606 | 1 Huawei | 1 Harmonyos | 2025-08-07 | 7.3 High |
| Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2025-21477 | 1 Qualcomm | 1 Snapdragon | 2025-08-07 | 7.5 High |
| Transient DOS while processing CCCH data when NW sends data with invalid length. | ||||
| CVE-2025-5197 | 1 Huggingface | 1 Transformers | 2025-08-07 | N/A |
| A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats. | ||||
| CVE-2025-21472 | 1 Qualcomm | 1 Snapdragon | 2025-08-07 | 5.5 Medium |
| Information disclosure while capturing logs as eSE debug messages are logged. | ||||
| CVE-2025-27075 | 1 Qualcomm | 1 Snapdragon | 2025-08-07 | 7.8 High |
| Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host. | ||||
| CVE-2025-21465 | 1 Qualcomm | 1 Snapdragon | 2025-08-07 | 6.5 Medium |
| Information disclosure while processing the hash segment in an MBN file. | ||||
| CVE-2025-21015 | 2 Samsung, Samsung Mobile | 2 Samsung Mobile Devices, Samsung Mobile Devices | 2025-08-07 | 4 Medium |
| Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | ||||
| CVE-2025-8545 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educar_motivo_afastamento_cad.php. The manipulation of the argument nm_motivo leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8544 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability classified as problematic was found in Portabilis i-Educar 2.10. Affected by this vulnerability is an unknown functionality of the file /module/RegraAvaliacao/edit. The manipulation of the argument nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8543 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8542 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8541 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8540 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8539 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8538 | 1 Portabilis | 1 I-educar | 2025-08-07 | 2.4 Low |
| A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7345 | 1 Redhat | 1 Enterprise Linux | 2025-08-07 | 7.5 High |
| A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. | ||||
| CVE-2025-20215 | 1 Cisco | 2 Webex, Webex Meetings | 2025-08-07 | 5.4 Medium |
| A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. | ||||
| CVE-2025-23326 | 1 Nvidia | 1 Triton Inference Server | 2025-08-07 | 7.5 High |
| NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-23319 | 1 Nvidia | 1 Triton Inference Server | 2025-08-07 | 8.1 High |
| NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure. | ||||