Search Results (328091 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1275 | 1 Autodesk | 12 Advance Steel, Autocad, Autocad Architecture and 9 more | 2025-08-19 | 7.8 High |
| A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2025-27071 | 1 Qualcomm | 69 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 66 more | 2025-08-19 | 7.3 High |
| Memory corruption while processing specific files in Powerline Communication Firmware. | ||||
| CVE-2025-27076 | 1 Qualcomm | 91 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 88 more | 2025-08-19 | 7.8 High |
| Memory corruption while processing simultaneous requests via escape path. | ||||
| CVE-2025-4371 | | | 2025-08-19 | 6.8 Medium |
| A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection. | ||||
| CVE-2024-49785 | 1 Ibm | 2 Watsonx.ai, Watsonx.ai On Cloud Pak For Data | 2025-08-19 | 5.4 Medium |
| IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-49797 | | | 2025-08-19 | N/A |
| Multiple Brother driver installers for Windows contain a privilege escalation vulnerability. If exploited, an arbitrary program may be executed with the administrative privilege. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2025-54982 | 1 Zscaler | 1 Authentication Server | 2025-08-19 | 9.6 Critical |
| An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. | ||||
| CVE-2025-8356 | 1 Xerox | 1 Freeflow Core | 2025-08-19 | 9.8 Critical |
| In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. | ||||
| CVE-2025-57725 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57724 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57723 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57722 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57721 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57720 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57719 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57718 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-57717 | | | 2025-08-19 | N/A |
| Not used | ||||
| CVE-2025-3495 | | | 2025-08-19 | 9.8 Critical |
| Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code. | ||||
| CVE-2025-3277 | 2 Redhat, Sqlite | 2 Enterprise Linux, Sqlite | 2025-08-18 | 9.8 Critical |
| An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. | ||||
| CVE-2025-9103 | 1 Zen-cart | 1 Zen Cart | 2025-08-18 | 2.4 Low |
| A vulnerability was detected in ZenCart 2.1.0. Affected by this vulnerability is an unknown functionality of the component CKEditor. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor declares this as "intended behavior, allowed for authorized administrators". | ||||