Search

Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27779 1 Applio 1 Applio 2025-08-01 9.8 Critical
Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in `model_blender.py` lines 20 and 21. `model_fusion_a` and `model_fusion_b` from voice_blender.py take user-supplied input (e.g. a path to a model) and pass that value to the `run_model_blender_script` and later to `model_blender` function, which loads these two models with `torch.load` in `model_blender.py (on lines 20-21 in 3.2.8-bugfix), which is vulnerable to unsafe deserialization. The issue can lead to remote code execution. A patch is available on the `main` branch of the Applio repository.
CVE-2024-27247 1 Zoom 2 Workplace Desktop, Zoom 2025-07-31 5.5 Medium
Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.
CVE-2024-27242 1 Zoom 1 Zoom 2025-07-31 4.1 Medium
Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-24694 1 Zoom 2 Workplace Desktop, Zoom 2025-07-31 5.9 Medium
Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2024-27105 1 Frappe 1 Frappe 2025-07-31 8.1 High
Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available.
CVE-2024-24813 1 Frappe 1 Frappe 2025-07-31 7.5 High
Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available.
CVE-2025-54528 1 Jetbrains 1 Teamcity 2025-07-31 5.4 Medium
In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow
CVE-2025-54529 1 Jetbrains 1 Teamcity 2025-07-31 3.7 Low
In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
CVE-2025-0651 1 Cloudflare 1 Warp 2025-07-31 7.1 High
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privilegesĀ  can create a set of symlinks inside theĀ C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0.
CVE-2020-3122 1 Cisco 13 Asyncos, Secure Email And Web Manager, Secure Email And Web Manager M170 and 10 more 2025-07-31 N/A
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to obtain sensitive network information.
CVE-2024-20258 1 Cisco 25 Asyncos, Secure Email And Web Manager M170, Secure Email And Web Manager M190 and 22 more 2025-07-31 6.1 Medium
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2025-0143 1 Zoom 3 Meeting Software Development Kit, Video Software Development Kit, Workplace Desktop 2025-07-31 4.3 Medium
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.
CVE-2024-12389 1 Binary-husky 1 Gpt Academic 2025-07-31 N/A
A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files will remain within the intended extraction directory. An attacker can exploit this vulnerability to perform arbitrary file writes, which can lead to remote code execution.
CVE-2025-53023 1 Oracle 2 Mysql Cluster, Mysql Server 2025-07-31 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2024-12392 1 Binary-husky 1 Gpt Academic 2025-07-31 N/A
A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks.
CVE-2025-54536 1 Jetbrains 1 Teamcity 2025-07-31 5.4 Medium
In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
CVE-2025-8262 1 Yarnpkg 1 Yarn 2025-07-31 4.3 Medium
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The patch is identified as 97731871e674bf93bcbf29e9d3258da8685f3076. It is recommended to apply a patch to fix this issue.
CVE-2025-1758 1 Progress 2 Loadmaster, Multi-tenant Loadmaster 2025-07-31 4.3 Medium
Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above
CVE-2025-21619 1 Glpi-project 1 Glpi 2025-07-31 9.8 Critical
GLPI is a free asset and IT management software package. An administrator user can perfom a SQL injection through the rules configuration forms. This vulnerability is fixed in 10.0.18.
CVE-2025-24799 1 Glpi-project 1 Glpi 2025-07-31 7.5 High
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.