Total
12594 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8445 | 1 Redhat | 3 Directory Server, Enterprise Linux, Rhel Els | 2025-09-12 | 5.7 Medium |
| The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input. | ||||
| CVE-2024-6239 | 2 Freedesktop, Redhat | 2 Poppler, Enterprise Linux | 2025-09-12 | 7.5 High |
| A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. | ||||
| CVE-2024-1481 | 1 Redhat | 1 Enterprise Linux | 2025-09-12 | 5.3 Medium |
| A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | ||||
| CVE-2024-2199 | 1 Redhat | 4 Directory Server, Directory Server E4s, Enterprise Linux and 1 more | 2025-09-12 | 5.7 Medium |
| A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. | ||||
| CVE-2024-3657 | 1 Redhat | 5 Directory Server, Directory Server E4s, Directory Server Eus and 2 more | 2025-09-12 | 7.5 High |
| A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service | ||||
| CVE-2025-50674 | 1 Openmediavault | 1 Openmediavault | 2025-09-12 | 7.8 High |
| An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root. | ||||
| CVE-2025-54250 | 1 Adobe | 1 Experience Manager | 2025-09-12 | 4.9 Medium |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. | ||||
| CVE-2025-54248 | 1 Adobe | 1 Experience Manager | 2025-09-12 | 7.7 High |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed | ||||
| CVE-2025-54247 | 1 Adobe | 1 Experience Manager | 2025-09-12 | 6.5 Medium |
| Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. | ||||
| CVE-2025-9287 | 1 Browserify | 1 Cipher-base | 2025-09-12 | 9.1 Critical |
| Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4. | ||||
| CVE-2025-9288 | 1 Browserify | 1 Sha.js | 2025-09-12 | 9.1 Critical |
| Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. | ||||
| CVE-2025-10252 | 1 Seat | 1 Queue Ticket Kiosk | 2025-09-12 | 3.1 Low |
| A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-55444 | 1 Vishalmathur | 1 Online Artwork And Fine Arts Project | 2025-09-11 | 9.8 Critical |
| A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution. | ||||
| CVE-2025-10164 | 2025-09-11 | 7.3 High | ||
| A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-58759 | 2025-09-11 | 5.1 Medium | ||
| TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication. The issue is fixed in v1.0.11. Users should upgrade to the latest patched version. As a temporary workaround, avoid using inline comments in .env files, or sanitize loaded values manually. | ||||
| CVE-2025-30151 | 1 Shopware | 1 Shopware | 2025-09-10 | 7.5 High |
| Shopware is an open commerce platform. It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. This vulnerability is fixed in 6.6.10.3 or 6.5.8.17. For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version. | ||||
| CVE-2025-20032 | 1 Intel | 7 Proset\/wireless Wifi, Wi-fi 6 Ax101, Wi-fi 6 Ax201 and 4 more | 2025-09-10 | 7.9 High |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2025-54236 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-09-10 | 9.1 Critical |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-4467 | 1 Redhat | 7 Advanced Virtualization, Container Native Virtualization, Enterprise Linux and 4 more | 2025-09-10 | 7.8 High |
| A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. | ||||
| CVE-2025-29955 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-09-10 | 6.2 Medium |
| Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. | ||||