Total
32389 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33062 | 1 Qualcomm | 580 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 577 more | 2025-08-11 | 7.5 High |
| Transient DOS in WLAN Firmware while parsing a BTM request. | ||||
| CVE-2023-33096 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16. | ||||
| CVE-2023-33099 | 1 Qualcomm | 208 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 205 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing SMS container of non-standard size received in DL NAS transport in NR. | ||||
| CVE-2023-33104 | 1 Qualcomm | 204 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 201 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing PDU Release command with a parameter PDU ID out of range. | ||||
| CVE-2024-33065 | 1 Qualcomm | 81 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 78 more | 2025-08-11 | 8.4 High |
| Memory corruption while taking snapshot when an offset variable is set by camera driver. | ||||
| CVE-2025-2331 | 1 Givewp | 1 Givewp | 2025-08-11 | 5.3 Medium |
| The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.22.1 via a misconfigured capability check in the 'permissionsCheck' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including reports detailing donors and donation amounts. | ||||
| CVE-2025-2228 | 1 Cyberchimps | 1 Responsive Addons For Elementor | 2025-08-09 | 5.7 Medium |
| The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.8 the 'register_user' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including usernames and passwords of any users who register via the Edit Login | Registration Form widget, as long as that user opens the email notification for successful registration. | ||||
| CVE-2025-2252 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-08-08 | 5.3 Medium |
| The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.6.1 via the edd_ajax_get_download_title() function. This makes it possible for unauthenticated attackers to extract private post titles of downloads. The impact here is minimal. | ||||
| CVE-2025-4979 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 4.9 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | ||||
| CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2024-3717 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-08-08 | 5.3 Medium |
| The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form. | ||||
| CVE-2025-1908 | 1 Gitlab | 1 Gitlab | 2025-08-08 | 7.7 High |
| An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | ||||
| CVE-2024-45663 | 1 Ibm | 1 Db2 | 2025-08-08 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | ||||
| CVE-2024-5969 | 1 Coderevolution | 1 Aiomatic | 2025-08-08 | 5.8 Medium |
| The AIomatic - Automatic AI Content Writer for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 2.0.5. This is due to insufficient limitations on the email recipient and the content in the 'aiomatic_send_email' function which are reachable via AJAX. This makes it possible for unauthenticated attackers to send emails with any content to any recipient. | ||||
| CVE-2025-2408 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2025-2469 | 1 Gitlab | 1 Gitlab | 2025-08-07 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users. | ||||
| CVE-2024-38273 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-08-07 | 5.4 Medium |
| Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | ||||
| CVE-2024-1722 | 1 Redhat | 3 Build Keycloak, Keycloak, Red Hat Single Sign On | 2025-08-07 | 3.7 Low |
| A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in. | ||||
| CVE-2025-3777 | 1 Huggingface | 1 Transformers | 2025-08-07 | N/A |
| Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1. | ||||
| CVE-2020-25078 | 1 Dlink | 18 Dcs-2530l, Dcs-2530l Firmware, Dcs-2670l and 15 more | 2025-08-06 | 7.5 High |
| An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated /config/getuser endpoint allows for remote administrator password disclosure. | ||||