Search

Search Results (364891 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-21915 1 Linux 1 Linux Kernel 2025-08-19 7.8 High
In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations.
CVE-2024-41799 1 Tgstation13 1 Tgstation-server 2025-08-19 8.4 High
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server (requiring a separate, isolated privilege) or some other means. A server configured to execute in BYOND's trusted security level (requiring a third separate, isolated privilege OR being set by another user) could lead to this escalating into remote code execution via BYOND's shell() proc. The ability to execute this kind of attack is a known side effect of having privileged TGS users, but normally requires multiple privileges with known weaknesses. This vector is not intentional as it does not require control over the where deployment code is sourced from and _may_ not require remote write access to an instance's `Configuration` directory. This problem is fixed in versions 6.8.0 and above.
CVE-2024-45419 1 Zoom 8 Meeting Software Development Kit, Rooms, Rooms Controller and 5 more 2025-08-19 8.1 High
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-4605 1 Autodesk 4 Maya, Universal Scene Description, Usd For 3ds Max and 1 more 2025-08-19 6.6 Medium
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
CVE-2020-13117 1 Wavlink 4 Wn575a4, Wn575a4 Firmware, Wn579x3 and 1 more 2025-08-19 9.8 Critical
Wavlink WN575A4, WN579X3, and WN530G3A devices through 2020-05-15 allow unauthenticated remote users to inject commands via the key parameter in a login request.
CVE-2024-45420 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2025-08-19 4.3 Medium
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45422 1 Zoom 8 Meeting Sdk, Meeting Software Development Kit, Rooms and 5 more 2025-08-19 6.5 Medium
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2024-56335 1 Dani-garcia 1 Vaultwarden 2025-08-19 7.6 High
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server.
CVE-2024-55896 1 Ibm 1 I 2025-08-19 5.4 Medium
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames.  This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system.
CVE-2025-21457 2 Google, Qualcomm 32 Android, Ar8035, Ar8035 Firmware and 29 more 2025-08-19 6.1 Medium
Information disclosure while opening a fastrpc session when domain is not sanitized.
CVE-2025-21474 1 Qualcomm 91 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 88 more 2025-08-19 7.8 High
Memory corruption while processing commands from A2dp sink command queue.
CVE-2025-21611 1 Tgstation13 1 Tgstation-server 2025-08-19 8.8 High
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3.
CVE-2025-8312 1 Devolutions 1 Devolutions Server 2025-08-19 7.1 High
Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following version(s) : * Devolutions Server 2025.2.2.0 through 2025.2.5.0 * Devolutions Server 2025.1.12.0 and earlier
CVE-2025-1433 1 Autodesk 10 Advance Steel, Autocad, Autocad Architecture and 7 more 2025-08-19 7.8 High
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2025-27071 1 Qualcomm 69 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 66 more 2025-08-19 7.3 High
Memory corruption while processing specific files in Powerline Communication Firmware.
CVE-2025-27076 1 Qualcomm 91 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 88 more 2025-08-19 7.8 High
Memory corruption while processing simultaneous requests via escape path.
CVE-2024-49785 1 Ibm 2 Watsonx.ai, Watsonx.ai On Cloud Pak For Data 2025-08-19 5.4 Medium
IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-57725 2025-08-19 N/A
Not used
CVE-2025-57724 2025-08-19 N/A
Not used
CVE-2025-57723 2025-08-19 N/A
Not used