CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-8842 A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to b... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8843 A vulnerability was found in NASM Netwide Assembler 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8844 A vulnerability was determined in NASM Netwide Assembler 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference... | 3.3 | LOW | — | 0 |
| CVE-2025-8672 MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local use... | 7.8 | HIGH | — | 0 |
| CVE-2025-8845 A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8846 A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8847 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeCo... | 3.5 | LOW | — | 0 |
| CVE-2025-8852 A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to informati... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-53187 Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability ma... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7677 A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-7679 The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT | 8.1 | HIGH | — | 0 |
| CVE-2025-55574 Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code | 6.1 | MEDIUM | — | 0 |
| CVE-2025-54878 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 8.6 | HIGH | — | 0 |
| CVE-2025-8885 Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All (API modules), Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allow... | N/A | NONE | — | 0 |
| CVE-2025-3831 Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. | 8.1 | HIGH | — | 0 |
| CVE-2024-33607 Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access. | 5.6 | MEDIUM | — | 0 |
| CVE-2025-25006 Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-25007 Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-33051 Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-53781 Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | 7.7 | HIGH | — | 0 |
| CVE-2025-55575 SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53783 Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-49456 Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-49457 Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access | 9.6 | CRITICAL | — | 0 |
| CVE-2025-8916 Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All (API modules), Legion of the Bouncy Castle Inc. BC Java bcprov on All (API ... | N/A | NONE | — | 0 |
| CVE-2025-8908 A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.ph... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5819 An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer acces... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-8919 A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of... | 2.4 | LOW | — | 0 |
| CVE-2025-8920 A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC ... | 2.4 | LOW | — | 0 |
| CVE-2025-8927 A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulatio... | 3.7 | LOW | — | 0 |
| CVE-2012-10054 Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary fi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-55194 Part-DB is an open source inventory management system for electronic components. Prior to version 1.17.3, any authenticated user can upload a profile picture with a misleading file extension (e.g., .j... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-8961 A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can o... | 3.3 | LOW | — | 0 |
| CVE-2025-50518 A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU obje... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-8965 A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminSt... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-20127 A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cis... | 7.7 | HIGH | — | 0 |
| CVE-2025-20148 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a de... | 8.5 | HIGH | — | 0 |
| CVE-2025-20306 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to exe... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-55192 HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workfl... | N/A | NONE | — | 0 |
| CVE-2025-8974 A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHel... | 3.7 | LOW | — | 0 |
| CVE-2025-8978 A vulnerability was determined in D-Link DIR-619L 6.02CN02. Affected is the function FirmwareUpgrade of the component boa. The manipulation leads to insufficient verification of data authenticity. It ... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-8991 A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler.... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-7821 The WC Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pluswc_logo_favicon_logo_base' AJAX action in all versions up to, and incl... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8992 A vulnerability has been found in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remote... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-9000 A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrol... | 7.0 | HIGH | — | 0 |
| CVE-2025-9001 A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-9002 A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possi... | 7.3 | HIGH | — | 0 |
| CVE-2025-9004 A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authenticat... | 3.7 | LOW | — | 0 |
| CVE-2025-9005 A vulnerability was determined in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. It is possible t... | 3.7 | LOW | — | 0 |
| CVE-2025-9016 A vulnerability was identified in Mechrevo Control Center GX V2 5.56.51.48. This affects an unknown part of the file C:\Program Files\OEM\机械革命控制中心\AiStoneService\MyControlCenter\Command of the compone... | 7.0 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.