Search

Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23311 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Triton Inference Server 2025-08-12 9.8 Critical
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
CVE-2025-23310 3 Linux, Microsoft, Nvidia 3 Linux Kernel, Windows, Triton Inference Server 2025-08-12 9.8 Critical
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
CVE-2025-21010 1 Samsung 2 Android, Samsung Account App 2025-08-12 6 Medium
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
CVE-2025-20990 1 Samsung 4 Android, Mobile, Samsung Mobile and 1 more 2025-08-12 4 Medium
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
CVE-2025-54615 1 Huawei 1 Harmonyos 2025-08-12 6.2 Medium
Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-54616 1 Huawei 1 Harmonyos 2025-08-12 4 Medium
Out-of-bounds array access vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54614 1 Huawei 1 Harmonyos 2025-08-12 6.2 Medium
Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54611 1 Huawei 3 Appgallery, Emui, Harmonyos 2025-08-12 7.3 High
EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-52364 1 Ibm 1 Cloud Pak For Business Automation 2025-08-12 5.4 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2025-54610 1 Huawei 1 Harmonyos 2025-08-12 5.4 Medium
Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54609 1 Huawei 1 Harmonyos 2025-08-12 5.4 Medium
Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-52365 1 Ibm 1 Cloud Pak For Business Automation 2025-08-12 6.4 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-38105 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-12 N/A
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21017.
CVE-2023-42098 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2025-08-12 N/A
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22037.
CVE-2023-38120 1 Adtran 2 Sr400ac, Sr400ac Firmware 2025-08-12 N/A
Adtran SR400ac ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adtran SR400ac routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ping command, which is available over JSON-RPC. A crafted host parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20525.
CVE-2023-38125 1 Softing 3 Edgeaggregator, Edgeconnector, Secure Integration Server 2025-08-12 8.8 High
Softing edgeAggregator Permissive Cross-domain Policy with Untrusted Domains Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate Content Security Policy headers. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20542.
CVE-2023-39471 1 Tp-link 4 Tl-wr840n, Tl-wr840n Firmware, Tl-wr841n and 1 more 2025-08-12 8.8 High
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
CVE-2025-46341 1 Freshrss 1 Freshrss 2025-08-12 7.1 High
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
CVE-2025-46339 1 Freshrss 1 Freshrss 2025-08-12 4.3 Medium
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it's possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue.
CVE-2025-32015 1 Freshrss 1 Freshrss 2025-08-12 6.7 Medium
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `<script src>`. In order to execute the attack, the attacker needs to control one of the victim's feeds and have an account on the FreshRSS instance that the victim is using. An attacker can gain access to the victim's account by exploiting this vulnerability. If the victim is an admin it would be possible to delete all users (cause damage) or execute arbitrary code on the server by modifying the update URL using fetch() via the XSS. Version 1.26.2 contains a patch for the issue.