Total
13172 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43542 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 6.5 Medium |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | ||||
| CVE-2024-43540 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 6.5 Medium |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | ||||
| CVE-2024-43538 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 6.5 Medium |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | ||||
| CVE-2024-43526 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 6.8 Medium |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||||
| CVE-2024-43525 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-07-08 | 6.8 Medium |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||||
| CVE-2024-38261 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-07-08 | 7.8 High |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
| CVE-2025-53075 | 1 Samsung | 1 Rlottie | 2025-07-08 | 9.8 Critical |
| Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2. | ||||
| CVE-2024-1019 | 1 Owasp | 1 Modsecurity | 2025-07-03 | 8.6 High |
| ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability. | ||||
| CVE-2023-45177 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-07-03 | 5.3 Medium |
| IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD is vulnerable to a denial-of-service attack due to an error within the MQ clustering logic. IBM X-Force ID: 268066. | ||||
| CVE-2025-53076 | 1 Samsung | 1 Rlottie | 2025-07-03 | 9.8 Critical |
| Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2. | ||||
| CVE-2025-1186 | 1 Xunruicms | 1 Xunruicms | 2025-07-03 | 6.3 Medium |
| A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-48944 | 2 Vllm, Vllm-project | 2 Vllm, Vllm | 2025-07-01 | 6.5 Medium |
| vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. Version 0.9.0 fixes the issue. | ||||
| CVE-2024-45219 | 2 Apache, Apache Software Foundation | 2 Cloudstack, Apache Cloudstack | 2025-07-01 | 8.5 High |
| Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. For checking the whole template/volume features of each disk, operators can run the following command: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done | ||||
| CVE-2020-35509 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2025-06-30 | 5.4 Medium |
| A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2024-23335 | 1 Mybb | 1 Mybb | 2025-06-30 | 4.7 Medium |
| MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability | ||||
| CVE-2024-29008 | 1 Apache | 1 Cloudstack | 2025-06-30 | 6.4 Medium |
| A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage. Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue. | ||||
| CVE-2024-4548 | 1 Deltaww | 1 Diaenergie | 2025-06-27 | 9.8 Critical |
| An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | ||||
| CVE-2024-4547 | 1 Deltaww | 1 Diaenergie | 2025-06-27 | 9.8 Critical |
| A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field | ||||
| CVE-2024-27385 | 1 Samsung | 4 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 1 more | 2025-06-26 | 6.7 Medium |
| A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite. | ||||
| CVE-2024-27386 | 1 Samsung | 4 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 1 more | 2025-06-26 | 6.7 Medium |
| A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite. | ||||