Total
11760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59535 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-09-29 | N/A | 6.5 MEDIUM |
| DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, arbitrary themes can be loaded through query parameters. If an installed theme had a vulnerability, even if it was not used on any page, this could be loaded on unsuspecting clients without knowledge of the site owner. This issue has been patched in version 10.1.0. | |||||
| CVE-2025-10975 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. | |||||
| CVE-2025-10974 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | |||||
| CVE-2025-10965 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10950 | 2025-09-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2023-5058 | 1 Phoenixtech | 1 Securecore Technology | 2025-09-25 | N/A | 7.8 HIGH |
| Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | |||||
| CVE-2025-23336 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Triton Inference Server | 2025-09-25 | N/A | 4.4 MEDIUM |
| NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2024-23198 | 1 Intel | 14 Killer, Killer Wi-fi 6 Ax1650, Killer Wi-fi 6e Ax1675 and 11 more | 2025-09-25 | N/A | 6.6 MEDIUM |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access. | |||||
| CVE-2025-47314 | 1 Qualcomm | 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more | 2025-09-25 | N/A | 7.8 HIGH |
| Memory corruption while processing data sent by FE driver. | |||||
| CVE-2025-50233 | 1 Q-cms | 1 Qcms | 2025-09-23 | N/A | 6.5 MEDIUM |
| A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information. | |||||
| CVE-2014-125117 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2025-09-23 | N/A | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges. | |||||
| CVE-2025-59532 | 2025-09-22 | N/A | N/A | ||
| Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This logic bypassed the intended workspace boundary and enables arbitrary file writes and command execution where the Codex process has permissions - this did not impact the network-disabled sandbox restriction. This issue has been patched in Codex CLI 0.39.0 that canonicalizes and validates that the boundary used for sandbox policy is based on where the user started the session, and not the one generated by the model. Users running 0.38.0 or earlier should update immediately via their package manager or by reinstalling the latest Codex CLI to ensure sandbox boundaries are enforced. If using the Codex IDE extension, users should immediately update to 0.4.12 for a fix of the sandbox issue. | |||||
| CVE-2025-53809 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-09-22 | N/A | 6.5 MEDIUM |
| Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. | |||||
| CVE-2025-58114 | 1 Hallowelt | 1 Bluespice | 2025-09-22 | N/A | 4.8 MEDIUM |
| Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1. | |||||
| CVE-2024-3372 | 1 Mongodb | 1 Mongodb | 2025-09-22 | N/A | 7.5 HIGH |
| Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25. | |||||
| CVE-2014-0762 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2025-09-19 | 4.7 MEDIUM | N/A |
| The CG Automation Software DNP3 driver, used in the ePAQ-9410 Substation Gateway products, does not validate input correctly. An attacker could cause the software to go into an infinite loop, causing the process to crash. The system must be restarted manually to clear the condition. | |||||
| CVE-2014-0761 | 1 Qeiinc | 1 Epaq-9410 Substation Gateway | 2025-09-19 | 7.1 HIGH | N/A |
| The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet. | |||||
| CVE-2025-23041 | 1 Umbraco | 1 Umbraco Forms | 2025-09-19 | N/A | 5.8 MEDIUM |
| Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-48608 | 1 Adobe | 1 Experience Manager | 2025-09-19 | N/A | 3.5 LOW |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by an Improper Input Validation vulnerability. A low-privileged attacker could leverage this vulnerability to achieve a low-integrity impact within the application. Exploitation of this issue requires user interaction. | |||||
| CVE-2025-34157 | 1 Coollabs | 1 Coolify | 2025-09-19 | N/A | 9.0 CRITICAL |
| Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator attempts to delete the project or its associated resource, the payload executes in the admin’s browser context. This results in full compromise of the Coolify instance, including theft of API tokens, session cookies, and access to WebSocket-based terminal sessions on managed servers. | |||||