CVE-2025-28171 - Grandstream UCM6510 Information Disclosure
CVE ID : CVE-2025-28171
Published : July 29, 2025, 4:15 p.m. | 1 hour, 46 minutes ago
Description : An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28171
Published : July 29, 2025, 4:15 p.m. | 1 hour, 46 minutes ago
Description : An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28170 - Grandstream Networks GXP1628 Directory Traversal Vulnerability
CVE ID : CVE-2025-28170
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-28170
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31965 - HCL BigFix Remote Control Server WebUI Information Disclosure Vulnerability
CVE ID : CVE-2025-31965
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31965
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44136 - MapTiler Tileserver-php XSS
CVE ID : CVE-2025-44136
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44136
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44137 - MapTiler Tileserver-php Directory Traversal Vulnerability
CVE ID : CVE-2025-44137
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44137
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web request. Creating the path to a file allows the insertion of "../" and thus read any file on the web server. Affected GET parameters are "TileMatrix", "TileRow", "TileCol" and "Format"
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54420 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-54420
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Rejected reason: This CVE is a duplicate of CVE-2025-8129.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54420
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Rejected reason: This CVE is a duplicate of CVE-2025-8129.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54432 - Apache HTTP Server Unvalidated User Input Remote Code Execution
CVE ID : CVE-2025-54432
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54432
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5922 - TSplus Remote Access Admin Tool Unsalted PIN Hash Leak
CVE ID : CVE-2025-5922
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted. LTS (Long-Term Support) versions also received patches in v17.2025.6.27 and v16.2025.6.27 releases.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5922
Published : July 29, 2025, 5:15 p.m. | 46 minutes ago
Description : Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted. LTS (Long-Term Support) versions also received patches in v17.2025.6.27 and v16.2025.6.27 releases.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5043 - Autodesk 3DM Heap-Based Overflow Vulnerability
CVE ID : CVE-2025-5043
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5043
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6631 - Autodesk PRT File Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-6631
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6631
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6635 - Autodesk PRT File Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-6635
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6635
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6636 - Autodesk PRT File Use-After-Free Vulnerability
CVE ID : CVE-2025-6636
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6636
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6637 - Autodesk PRT File Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-6637
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6637
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7497 - Autodesk PRT File Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-7497
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7497
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7675 - Autodesk 3DM Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-7675
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7675
Published : July 29, 2025, 6:15 p.m. | 3 hours, 46 minutes ago
Description : A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-42651 - NanoMQ Heap Use-After-Free Denial of Service Vulnerability
CVE ID : CVE-2024-42651
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-42651
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-42655 - NanoMQ MQTT Wildcard Access Control Bypass
CVE ID : CVE-2024-42655
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-42655
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-49828 - IBM Db2 Denial of Service Vulnerability
CVE ID : CVE-2024-49828
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-49828
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-51473 - IBM Db2 Denial of Service Vulnerability
CVE ID : CVE-2024-51473
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-51473
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-52894 - IBM Db2 Denial of Service
CVE ID : CVE-2024-52894
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-52894
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33092 - IBM Db2 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-33092
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33092
Published : July 29, 2025, 7:15 p.m. | 2 hours, 46 minutes ago
Description : IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...