CVE-2025-7032 - Rockwell Automation Arena Memory Corruption Vulnerability
CVE ID : CVE-2025-7032
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7032
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7033 - Rockwell Automation Arena Memory Corruption Vulnerability
CVE ID : CVE-2025-7033
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7033
Published : Aug. 5, 2025, 2:15 p.m. | 20 minutes ago
Description : A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27931 - PDF-XChange Editor Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-27931
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27931
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29745 - Emsisoft Anti-Malware Net-NTLMv2 Hash Information Disclosure
CVE ID : CVE-2025-29745
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29745
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2611 - ICTBroadcast Unauthenticated Remote Code Execution
CVE ID : CVE-2025-2611
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2611
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44964 - BlueStacks SSL Certificate Validation Weakness - Man-in-the-Middle
CVE ID : CVE-2025-44964
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44964
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46958 - Adobe Experience Manager Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-46958
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46958
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47152 - PDF-XChange Editor Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-47152
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47152
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50706 - Apache ThinkPHP Remote Code Execution Vulnerability
CVE ID : CVE-2025-50706
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50706
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50707 - ThinkPHP3 Remote Code Execution Vulnerability
CVE ID : CVE-2025-50707
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50707
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54874 - OpenJPEG Out-of-Bounds Heap Memory Write
CVE ID : CVE-2025-54874
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54874
Published : Aug. 5, 2025, 3:15 p.m. | 3 hours, 20 minutes ago
Description : OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43979 - FIRSTNUM JC21A-04 Command Injection Vulnerability
CVE ID : CVE-2025-43979
Published : Aug. 5, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43979
Published : Aug. 5, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the xml_action.cgi?method= endpoint.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46658 - "4C Strategies Exonaut ExonautWeb Information Disclosure"
CVE ID : CVE-2025-46658
Published : Aug. 5, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46658
Published : Aug. 5, 2025, 4:15 p.m. | 2 hours, 20 minutes ago
Description : An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43978 - Jointelli 5G CPE OS Command Injection Vulnerability
CVE ID : CVE-2025-43978
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43978
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to execute arbitrary OS commands with root privileges via crafted inputs to the SSID, WPS, Traceroute, and Ping fields.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43980 - FIRSTNUM JC21A-04 Default SSH Credentials Vulnerability
CVE ID : CVE-2025-43980
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43980
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54253 - Adobe Experience Manager Code Execution Vulnerability
CVE ID : CVE-2025-54253
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54253
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54254 - Adobe Experience Manager XXE File System Read Vulnerability
CVE ID : CVE-2025-54254
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54254
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7674 - Roche Diagnostics navify Monitoring Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-7674
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact on data confidentiality or integrity. This issue affects navify Monitoring before 1.08.00.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7674
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact on data confidentiality or integrity. This issue affects navify Monitoring before 1.08.00.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8584 - Libav AVI File Parser Null Pointer Dereference Vulnerability
CVE ID : CVE-2025-8584
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8584
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8585 - Libav DSS File Demuxer Double Free Vulnerability
CVE ID : CVE-2025-8585
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8585
Published : Aug. 5, 2025, 5:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of the component DSS File Demuxer. The manipulation leads to double free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The bug was initially reported by the researcher to the wrong project. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50454 - Blue Access Cobalt X1 Authentication Bypass Vulnerability
CVE ID : CVE-2025-50454
Published : Aug. 5, 2025, 6:15 p.m. | 20 minutes ago
Description : An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50454
Published : Aug. 5, 2025, 6:15 p.m. | 20 minutes ago
Description : An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...