CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-27073 - Cisco Nexus Series: Denial of Service Vulnerability

CVE ID : CVE-2025-27073
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : Transient DOS while creating NDP instance.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27075 - Qualcomm Bluetooth Host Memory Corruption Vulnerability

CVE ID : CVE-2025-27075
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.
Severity: 7.8 | HIGH
CVE-2025-27076 - Citrix NetScaler Memory Corruption Vulnerability

CVE ID : CVE-2025-27076
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : Memory corruption while processing simultaneous requests via escape path.
Severity: 7.8 | HIGH
CVE-2025-47324 - D-Link Powerline Information Disclosure Vulnerability

CVE ID : CVE-2025-47324
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : Information disclosure while accessing and modifying the PIB file of a remote device via powerline.
Severity: 7.5 | HIGH
CVE-2025-7954 - Shopware Voucher System Race Condition

CVE ID : CVE-2025-7954
Published : Aug. 6, 2025, 8:15 a.m. | 2 hours, 20 minutes ago
Description : A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
Severity: 0.0 | NA
CVE-2025-7202 - Elgato Key Lights CSRF Vulnerability

CVE ID : CVE-2025-7202
Published : Aug. 6, 2025, 9:15 a.m. | 1 hour, 20 minutes ago
Description : A Cross-Site Request Forgery (CSRF) in Elgato's Key Lights and related light products allows an attacker to host a malicious webpage that remotely controls the victim's lights.
Severity: 0.0 | NA
CVE-2025-8556 - CIRCL FourQ Elliptic Curve Diffie-Hellman Key Exchange Session Compromise

CVE ID : CVE-2025-8556
Published : Aug. 6, 2025, 9:15 a.m. | 1 hour, 20 minutes ago
Description : A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Severity: 3.7 | LOW
CVE-2025-22469 - Siemens SIMATIC S7-1200 OS Command Injection Vulnerability

CVE ID : CVE-2025-22469
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : OS command injection vulnerability exists in CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1. An arbitrary OS command may be executed on the system with a certain non-administrative user privilege.
Severity: 7.3 | HIGH
CVE-2025-22470 - Siemens SIMATIC CL4/6NX Plus Lua File Execution Vulnerability

CVE ID : CVE-2025-22470
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : CL4/6NX Plus and CL4/6NX-J Plus (Japan model) with the firmware versions prior to 1.15.5-r1 allow crafted dangerous files to be uploaded. An arbitrary Lua script may be executed on the system with the root privilege.
Severity: 9.8 | CRITICAL
CVE-2025-6013 - Vault LDAP MFA Enforcement Weakness

CVE ID : CVE-2025-6013
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : Vault and Vault Enterprise’s (“Vault”) ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.
Severity: 6.5 | MEDIUM
CVE-2025-7771 - ThrottleStop.sys Kernel Memory Access Vulnerability

CVE ID : CVE-2025-7771
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Severity: 0.0 | NA
CVE-2025-8620 - GiveWP Information Exposure Vulnerability

CVE ID : CVE-2025-8620
Published : Aug. 6, 2025, 10:15 a.m. | 20 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to extract donor names, emails, and donor id.
Severity: 5.3 | MEDIUM
CVE-2025-46388 - Apache HTTP Server Information Disclosure

CVE ID : CVE-2025-46388
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Severity: 4.3 | MEDIUM
CVE-2025-46389 - Microsoft Azure Active Directory Password Change

CVE ID : CVE-2025-46389
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-620: Unverified Password Change
Severity: 6.5 | MEDIUM
CVE-2025-46390 - Apache Web Server HTTP Response Manipulation Vulnerability

CVE ID : CVE-2025-46390
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-204: Observable Response Discrepancy
Severity: 7.5 | HIGH
CVE-2025-46391 - Apache HTTP Server Authentication Bypass

CVE ID : CVE-2025-46391
Published : Aug. 6, 2025, 11:15 a.m. | 3 hours, 20 minutes ago
Description : CWE-284: Improper Access Control
Severity: 6.5 | MEDIUM
CVE-2025-5197 - Hugging Face Transformers ReDoS Vulnerability

CVE ID : CVE-2025-5197
Published : Aug. 6, 2025, 12:15 p.m. | 2 hours, 20 minutes ago
Description : A Regular Expression Denial of Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the `convert_tf_weight_name_to_pt_weight_name()` function. This function, responsible for converting TensorFlow weight names to PyTorch format, uses a regex pattern `/[^/]*___([^/]*)/` that can be exploited to cause excessive CPU consumption through crafted input strings due to catastrophic backtracking. The vulnerability affects versions up to 4.51.3 and is fixed in version 4.53.0. This issue can lead to service disruption, resource exhaustion, and potential API service vulnerabilities, impacting model conversion processes between TensorFlow and PyTorch formats.
Severity: 5.3 | MEDIUM
CVE-2025-23310 - NVIDIA Triton Inference Server Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-23310
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Severity: 9.8 | CRITICAL
CVE-2025-23311 - NVIDIA Triton Inference Server Stack Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-23311
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Severity: 9.8 | CRITICAL
CVE-2025-23317 - NVIDIA Triton Inference Server HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-23317
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Severity: 9.1 | CRITICAL
CVE-2025-23318 - NVIDIA Triton Inference Server Python Backend Out-of-Bounds Write

CVE ID : CVE-2025-23318
Published : Aug. 6, 2025, 1:15 p.m. | 1 hour, 20 minutes ago
Description : NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Severity: 8.1 | HIGH