Total
12756 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8101 | 2 Redhat, X.org | 4 Enterprise Linux, X11, X Server and 1 more | 2025-08-29 | N/A |
| The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function. | ||||
| CVE-2017-12178 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12181 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12182 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12184 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-13721 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session. | ||||
| CVE-2017-12183 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2017-12185 | 2 Debian, X.org | 2 Debian Linux, X Server | 2025-08-29 | N/A |
| xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | ||||
| CVE-2024-5681 | 2 Schneider-electric, Schneider Electric | 2 Ecostruxure Foxboro Dcs Control Core Services, Ecostruxure Foxboro Dcs Core Control Services | 2025-08-27 | 7.8 High |
| CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||||
| CVE-2024-2689 | 2025-08-27 | 4.4 Medium | ||
| Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server. | ||||
| CVE-2025-30391 | 1 Microsoft | 1 Dynamics 365 Customer Service | 2025-08-27 | 8.1 High |
| Improper input validation in Microsoft Dynamics allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2024-5990 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2025-08-27 | 7.5 High |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device. | ||||
| CVE-2024-5989 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2025-08-27 | 9.8 Critical |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | ||||
| CVE-2024-5988 | 1 Rockwellautomation | 2 Thinmanager, Thinserver | 2025-08-27 | 9.8 Critical |
| Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™. | ||||
| CVE-2025-7876 | 1 Metasoft | 1 Metacrm | 2025-08-27 | 6.3 Medium |
| A vulnerability classified as critical was found in Metasoft 美特软件 MetaCRM up to 6.4.2. This vulnerability affects the function AnalyzeParam of the file download.jsp. The manipulation of the argument p leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8266 | 2 Chancms, Yanyutao0402 | 2 Chancms, Chancms | 2025-08-27 | 6.3 Medium |
| A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.3 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2023-48368 | 1 Intel | 1 Media Sdk | 2025-08-27 | 5.9 Medium |
| Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-21976 | 2025-08-26 | 8.8 High | ||
| Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | ||||
| CVE-2025-30355 | 2 Element-hq, Matrix | 2 Synapse, Synapse | 2025-08-26 | 7.1 High |
| Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available. | ||||
| CVE-2025-57805 | 2025-08-26 | N/A | ||
| The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2. | ||||