Search

Search Results (364939 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-5846 1 Gitlab 1 Gitlab 2025-08-12 2.7 Low
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.
CVE-2025-5315 1 Gitlab 1 Gitlab 2025-08-12 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.
CVE-2025-3279 1 Gitlab 1 Gitlab 2025-08-12 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.
CVE-2025-1754 1 Gitlab 1 Gitlab 2025-08-12 5.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.
CVE-2025-53186 1 Huawei 2 Emui, Harmonyos 2025-08-12 5.9 Medium
Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-53185 1 Huawei 2 Emui, Harmonyos 2025-08-12 6.6 Medium
Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2025-53178 1 Huawei 2 Emui, Harmonyos 2025-08-12 4.8 Medium
Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.
CVE-2025-53177 1 Huawei 2 Emui, Harmonyos 2025-08-12 3.9 Low
Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.
CVE-2025-53169 1 Huawei 1 Harmonyos 2025-08-12 7.6 High
Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.
CVE-2025-53168 1 Huawei 1 Harmonyos 2025-08-12 5.7 Medium
Vulnerability of bypassing the process to start SA and use related functions on distributed cameras Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.
CVE-2022-43656 1 Bentley 1 View 2025-08-12 5.5 Medium
Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18492.
CVE-2023-37865 1 Ip2location 1 Country Blocker 2025-08-12 5.3 Medium
Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1.
CVE-2025-30184 1 Cyberdata 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware 2025-08-12 9.8 Critical
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVE-2025-30507 1 Cyberdata 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware 2025-08-12 5.3 Medium
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
CVE-2025-30515 1 Cyberdata 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware 2025-08-12 9.8 Critical
CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CVE-2025-30183 1 Cyberdata 2 011209 Sip Emergency Intercom, 011209 Sip Emergency Intercom Firmware 2025-08-12 7.5 High
CyberData 011209 Intercom does not properly store or protect web server admin credentials.
CVE-2025-48067 1 Octoprint 1 Octoprint 2025-08-12 5.4 Medium
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.
CVE-2025-48879 1 Octoprint 1 Octoprint 2025-08-12 6.5 Medium
OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken multipart/form-data request lacking an end boundary to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler will get stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that will effectively block the whole web server. The vulnerability has been patched in version 1.11.2.
CVE-2025-5982 1 Gitlab 1 Gitlab 2025-08-12 3.7 Low
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVE-2021-24211 1 Sovrn 1 Wordpress Related Posts 2025-08-12 5.4 Medium
The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.