Total: 9570 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6861 | 1 Redhat | 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more | 2025-08-01 | 7.5 High |
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. | ||||
CVE-2025-49177 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-08-01 | 6.1 Medium |
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. | ||||
CVE-2025-8226 | 1 Yanyutao0402 | 1 Chancms | 2025-08-01 | 4.3 Medium |
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
CVE-2025-27784 | 1 Applio | 1 Applio | 2025-08-01 | 7.5 High |
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_pth` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available. | ||||
CVE-2025-27785 | 1 Applio | 1 Applio | 2025-08-01 | 7.5 High |
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to arbitrary file read in train.py's `export_index` function. This issue may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to. As of time of publication, no known patches are available. | ||||
CVE-2025-30214 | 1 Frappe | 1 Frappe | 2025-08-01 | 7.5 High |
Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading. | ||||
CVE-2025-20129 | 1 Cisco | 2 Socialminer, Unified Contact Center Express | 2025-08-01 | 4.3 Medium |
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker. | ||||
CVE-2024-4467 | 1 Redhat | 7 Advanced Virtualization, Container Native Virtualization, Enterprise Linux and 4 more | 2025-08-01 | 7.8 High |
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. | ||||
CVE-2025-43246 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-07-31 | 5.5 Medium |
This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access sensitive user data. | ||||
CVE-2025-31279 | 1 Apple | 5 Ipados, Macos, Macos Sequoia and 2 more | 2025-07-31 | 9.8 Critical |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, iPadOS 17.7.9, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint the user. | ||||
CVE-2025-43189 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2025-07-31 | 9.8 Critical |
This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to read kernel memory. | ||||
CVE-2025-4426 | 1 Insyde | 1 Insydeh2o | 2025-07-31 | 6 Medium |
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | ||||
CVE-2025-43215 | 1 Apple | 2 Macos, Macos Sequoia | 2025-07-31 | 5.5 Medium |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may result in disclosure of process memory. | ||||
CVE-2025-43018 | 1 Hp | 5 Hp, Laserjet Mfp M428, Laserjet Mfp M429 and 2 more | 2025-07-31 | N/A |
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | ||||
CVE-2025-54425 | 1 Umbraco | 1 Umbraco Cms | 2025-07-31 | 5.3 Medium |
Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also possible to configure output caching, such that the delivery API outputs will be cached for a period of time, improving performance. There's an issue when these two things are used together, where caching doesn't vary by the header that contains the API key. As such, it's possible for a user without a valid API key to retrieve a response for a given path and query if it has recently been requested and cached by request with a valid key. This is fixed in versions 13.9.3, 15.4.4 and 16.1.1. | ||||
CVE-2024-20396 | 1 Cisco | 2 Webex App, Webex Teams | 2025-07-31 | 5.3 Medium |
A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests. | ||||
CVE-2025-6199 | 1 Redhat | 1 Enterprise Linux | 2025-07-31 | 3.3 Low |
A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error results in uninitialized sections of the buffer being included in the output, potentially leaking arbitrary memory contents in the processed image. | ||||
CVE-2020-36850 | 1 Sitecore | 1 Sitecore | 2025-07-31 | N/A |
An information disclosure vulnerability exists in Sitecore JSS React Sample Application 11.0.0 - 14.0.1 that may cause page content intended for one user to be shown to another user. | ||||
CVE-2025-3508 | 1 Hp | 4 Designjet T1700, Designjet Z6, Designjet Z9 and 1 more | 2025-07-31 | N/A |
Certain HP DesignJet products may be vulnerable to information disclosure through the printer's web interface, allowing unauthenticated users to view sensitive print job information. | ||||
CVE-2024-24919 | 1 Checkpoint | 7 Cloudguard Network, Cloudguard Network Security, Quantum Security Gateway and 4 more | 2025-07-30 | 8.6 High |
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. |