Filtered by CWE-20
Total 13171 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-46901 2 Apache, Debian 2 Subversion, Debian Linux 2025-07-15 3.1 Low
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
CVE-2024-24683 1 Apache 1 Hop Engine 2025-07-15 6.5 Medium
Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page, one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines, making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.
CVE-2025-1440 2 Tinywebgallery, Wordpress 2 Advanced Iframe, Wordpress 2025-07-14 5.3 Medium
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possible for unauthenticated attackers to update the advancediFrameParameterData option with an excessive amount of unvalidated data.
CVE-2024-32485 1 Intel 1 Vroc Software 2025-07-12 3.9 Low
Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-27613 1 Numbas 1 Editor 2025-07-11 7.3 High
Numbas editor before 7.3 mishandles reading of themes and extensions.
CVE-2025-6376 1 Rockwellautomation 1 Arena 2025-07-11 7.8 High
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P.
CVE-2025-6377 1 Rockwellautomation 1 Arena 2025-07-11 7.8 High
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P.
CVE-2023-52588 1 Linux 1 Linux Kernel 2025-07-11 7.1 High
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to tag gcing flag on page during block migration. It needs to add missing gcing flag on page during block migration, in order to guarantee migrated data be persisted during checkpoint, otherwise out-of-order persistency between data and node may cause data corruption after SPOR. Similar issue was fixed by commit 2d1fe8a86bf5 ("f2fs: fix to tag gcing flag on page during file defragment").
CVE-2025-24002 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-07-11 5.3 Medium
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.
CVE-2025-24005 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-07-11 7.8 High
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
CVE-2022-32144 1 Huawei 2 Cv81-wdm, Cv81-wdm Firmware 2025-07-11 8.6 High
There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144.
CVE-2024-3584 1 Qdrant 1 Qdrant 2025-07-10 7.5 High
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
CVE-2024-4287 1 Mintplexlabs 1 Anythingllm 2025-07-10 7.2 High
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.
CVE-2023-29335 1 Microsoft 15 365 Apps, Office, Windows 10 1507 and 12 more 2025-07-10 7.5 High
Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-24950 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2025-07-10 6.5 Medium
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2024-38201 1 Microsoft 1 Azure Stack Hub 2025-07-10 7 High
Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38196 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-10 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-34365 1 Apache 1 Karaf Cave 2025-07-10 9.1 Critical
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-4321 1 Gaizhenbiao 1 Chuanhuchatgpt 2025-07-10 N/A
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests and manipulating the 'name' parameter to specify arbitrary file paths. This allows the attacker to read sensitive files on the server, leading to information leakage, including API keys and private information. The issue affects version 20240310 of the application.
CVE-2018-6541 3 Canonical, Gdraheim, Redhat 3 Ubuntu Linux, Zziplib, Enterprise Linux 2025-07-10 N/A
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.