Search
Search Results (331699 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30164 | 1 Icinga | 1 Icinga Web 2 | 2025-08-01 | 4.1 Medium |
| Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user (or one that is able to authenticate), allows to manipulate the backend to redirect the user to any location. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. No known workarounds are available. | ||||
| CVE-2025-20209 | 1 Cisco | 6 Ios Xr, Ios Xr Software, Ncs 1004 and 3 more | 2025-08-01 | 7.5 High |
| A vulnerability in the Internet Key Exchange version 2 (IKEv2) function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent an affected device from processing any control plane UDP packets. This vulnerability is due to improper handling of malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to prevent the affected device from processing any control plane UDP packets, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2025-8292 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2025-08-01 | 8.8 High |
| Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-0150 | 1 Zoom | 2 Meeting Software Development Kit, Workplace | 2025-08-01 | 7.1 High |
| Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access. | ||||
| CVE-2025-0330 | 1 Litellm | 1 Litellm | 2025-08-01 | N/A |
| In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This vulnerability exposes sensitive information, including langfuse_secret and langfuse_public_key, which can provide full access to the Langfuse project storing all requests. | ||||
| CVE-2025-41377 | 2025-08-01 | N/A | ||
| A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php. | ||||
| CVE-2025-29778 | 1 Kyverno | 1 Kyverno | 2025-08-01 | 5.8 Medium |
| Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue. | ||||
| CVE-2024-10264 | 1 Youdao | 1 Qanything | 2025-08-01 | 9.8 Critical |
| HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP requests between a proxy and a server. This can lead to unauthorized access, bypassing security controls, session hijacking, data leakage, and potentially arbitrary code execution. | ||||
| CVE-2024-12864 | 1 Youdao | 1 Qanything | 2025-08-01 | N/A |
| A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large filename, causing the server to become overwhelmed and unavailable for legitimate users. This attack does not require authentication, making it highly scalable and increasing the risk of exploitation. | ||||
| CVE-2025-54847 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54846 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54845 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54844 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54843 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54842 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54841 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54840 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54839 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-54657 | 2025-08-01 | N/A | ||
| Not used | ||||
| CVE-2025-29360 | 1 Tenda | 2 Rx3, Rx3 Firmware | 2025-08-01 | 7.5 High |
| Tenda RX3 US_RX3V1.0br_V16.03.13.11_multi_TDE01 is vulnerable to Buffer Overflow via the time and timeZone parameters at /goform/SetSysTimeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||